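taxon | c# | c/c++ | cuda | go | java | javascript | kotlin | objective-c | php | python | ruby | scala | swift | typescript | vb.net
(Each numbered row below gives a taxon's ID and name. The bullets under it are checker / subcategory pairs taken from the language columns above; they appear run together, so the column each bullet belongs to is not marked.)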
1 DEPRECATED: Location
2 7PK - Environment
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • XSS none
  • XSS stored_xss
  • INCOMPATIBLE_CAST endianness
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • INCOMPATIBLE_CAST endianness
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XSS none
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_HTTP_FIREWALL spring_security
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • INCOMPATIBLE_CAST endianness
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XSS none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XSS none
  • XSS stored_xss
3 DEPRECATED: Technology-specific Environment Issues
4 DEPRECATED: J2EE Environment Issues
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.DUPLICATE_SERVLET_DEFINITION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_HTTP_FIREWALL spring_security
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
5 J2EE Misconfiguration: Data Transmission Without Encryption
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
6 J2EE Misconfiguration: Insufficient Session-ID Length
7 J2EE Misconfiguration: Missing Custom Error Page
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
8 J2EE Misconfiguration: Entity Bean Declared Remote
9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods
10 DEPRECATED: ASP.NET Environment Issues
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
11 ASP.NET Misconfiguration: Creating Debug Binary
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
12 ASP.NET Misconfiguration: Missing Custom Error Page
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
13 ASP.NET Misconfiguration: Password in Configuration File
  • CONFIG.CONNECTION_STRING_PASSWORD none
14 Compiler Removal of Code to Clear Buffers
15 External Control of System or Configuration Setting
16 Configuration
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.DUPLICATE_SERVLET_DEFINITION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_HTTP_FIREWALL spring_security
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_transmission
17 DEPRECATED: Code
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_THROW none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • FLOATING_POINT_EQUALITY none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_printf_format_string
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_printf_format_string
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • PROPERTY_MIXUP none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_printf_format_string
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • COPY_PASTE_ERROR none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PARSE_ERROR none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • PW.* none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • UNEXPECTED_CONTROL_FLOW useless_defer
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
18 DEPRECATED: Source Code
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_THROW none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • FLOATING_POINT_EQUALITY none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_printf_format_string
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_printf_format_string
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • PROPERTY_MIXUP none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_printf_format_string
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • COPY_PASTE_ERROR none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PARSE_ERROR none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • PW.* none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • UNEXPECTED_CONTROL_FLOW useless_defer
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
19 Data Processing Errors
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_EQ referential
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE string_lit_comparison
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FLOATING_POINT_EQUALITY none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE string_lit_comparison
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HEADER_INJECTION none
  • INSUFFICIENT_LOGGING logging_obligation
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE string_lit_comparison
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • HARDCODED_CREDENTIALS secret_in_source_med
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
20 Improper Input Validation
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
21 DEPRECATED: Pathname Traversal and Equivalence Errors
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • JSP_DYNAMIC_INCLUDE none
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • JSP_DYNAMIC_INCLUDE none
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
23 Relative Path Traversal
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
24 Path Traversal: '../filedir'
25 Path Traversal: '/../filedir'
26 Path Traversal: '/dir/../filename'
27 Path Traversal: 'dir/../../filename'
28 Path Traversal: '..\filedir'
29 Path Traversal: '\..\filename'
30 Path Traversal: '\dir\..\filename'
31 Path Traversal: 'dir\..\..\filename'
32 Path Traversal: '...' (Triple Dot)
33 Path Traversal: '....' (Multiple Dot)
34 Path Traversal: '....//'
35 Path Traversal: '.../...//'
36 Absolute Path Traversal
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
37 Path Traversal: '/absolute/pathname/here'
38 Path Traversal: '\absolute\pathname\here'
39 Path Traversal: 'C:dirname'
40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
41 Improper Resolution of Path Equivalence
42 Path Equivalence: 'filename.' (Trailing Dot)
43 Path Equivalence: 'filename....' (Multiple Trailing Dot)
44 Path Equivalence: 'file.name' (Internal Dot)
45 Path Equivalence: 'file...name' (Multiple Internal Dot)
46 Path Equivalence: 'filename ' (Trailing Space)
47 Path Equivalence: ' filename' (Leading Space)
48 Path Equivalence: 'file name' (Internal Whitespace)
49 Path Equivalence: 'filename/' (Trailing Slash)
50 Path Equivalence: '//multiple/leading/slash'
51 Path Equivalence: '/multiple//internal/slash'
52 Path Equivalence: '/multiple/trailing/slash//'
53 Path Equivalence: '\multiple\\internal\backslash'
54 Path Equivalence: 'filedir\' (Trailing Backslash)
55 Path Equivalence: '/./' (Single Dot Directory)
56 Path Equivalence: 'filedir*' (Wildcard)
57 Path Equivalence: 'fakedir/../realdir/filename'
58 Path Equivalence: Windows 8.3 Filename
59 Improper Link Resolution Before File Access ('Link Following')
60 DEPRECATED: UNIX Path Link Problems
61 UNIX Symbolic Link (Symlink) Following
62 UNIX Hard Link
63 DEPRECATED: Windows Path Link Problems
64 Windows Shortcut Following (.LNK)
65 Windows Hard Link
66 Improper Handling of File Names that Identify Virtual Resources
67 Improper Handling of Windows Device Names
68 DEPRECATED: Windows Virtual File Problems
69 Improper Handling of Windows ::DATA Alternate Data Stream
70 DEPRECATED: Mac Virtual File Problems
71 DEPRECATED: Apple '.DS_Store'
72 Improper Handling of Apple HFS+ Alternate Data Stream Path
73 External Control of File Name or Path
  • UNRESTRICTED_DISPATCH none
  • UNRESTRICTED_DISPATCH none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • UNRESTRICTED_DISPATCH none
74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
76 Improper Neutralization of Equivalent Special Elements
77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • EL_INJECTION none
  • HEADER_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
81 Improper Neutralization of Script in an Error Message Web Page
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
82 Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
83 Improper Neutralization of Script in Attributes in a Web Page
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
84 Improper Neutralization of Encoded URI Schemes in a Web Page
85 Doubled Character XSS Manipulations
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
86 Improper Neutralization of Invalid Characters in Identifiers in Web Pages
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
87 Improper Neutralization of Alternate XSS Syntax
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • JSP_SQL_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
91 XML Injection (aka Blind XPath Injection)
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
92 DEPRECATED: Improper Sanitization of Custom Special Characters
93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
  • HEADER_INJECTION none
  • HEADER_INJECTION none
  • HEADER_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • HEADER_INJECTION none
  • HEADER_INJECTION none
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • HEADER_INJECTION none
94 Improper Control of Generation of Code ('Code Injection')
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • TEMPLATE_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • TEMPLATE_INJECTION none
  • XPATH_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • TEMPLATE_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • XPATH_INJECTION none
95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
  • SCRIPT_CODE_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SCRIPT_CODE_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SCRIPT_CODE_INJECTION none
96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
  • JSP_DYNAMIC_INCLUDE none
97 Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
  • JSP_DYNAMIC_INCLUDE none
98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
99 Improper Control of Resource Identifiers ('Resource Injection')
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • LOCALSTORAGE_MANIPULATION none
  • SESSIONSTORAGE_MANIPULATION none
  • URL_MANIPULATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • URL_MANIPULATION none
  • LOCALSTORAGE_MANIPULATION none
  • SESSIONSTORAGE_MANIPULATION none
  • URL_MANIPULATION none
100 DEPRECATED: Technology-Specific Input Validation Problems
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
101 DEPRECATED: Struts Validation Problems
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
102 Struts: Duplicate Validation Forms
103 Struts: Incomplete validate() Method Definition
104 Struts: Form Bean Does Not Extend Validation Class
105 Struts: Form Field Without Validator
106 Struts: Plug-in Framework not in Use
107 Struts: Unused Validation Form
108 Struts: Unvalidated Action Form
109 Struts: Validator Turned Off
110 Struts: Validator Without Form Field
111 Direct Use of Unsafe JNI
112 Missing XML Validation
113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
  • HEADER_INJECTION none
  • HEADER_INJECTION none
  • HEADER_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • HEADER_INJECTION none
  • HEADER_INJECTION none
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • HEADER_INJECTION none
114 Process Control
115 Misinterpretation of Input
116 Improper Encoding or Escaping of Output
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
117 Improper Output Neutralization for Logs
  • LOG_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • LOG_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • LOG_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
118 Incorrect Access of Indexable Resource ('Range Error')
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
119 Improper Restriction of Operations within the Bounds of a Memory Buffer
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
121 Stack-based Buffer Overflow
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
122 Heap-based Buffer Overflow
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
123 Write-what-where Condition
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
124 Buffer Underwrite ('Buffer Underflow')
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
125 Out-of-bounds Read
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN read
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN read
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN read
126 Buffer Over-read
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN read
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN read
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN read
127 Buffer Under-read
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN read
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN read
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN read
128 Wrap-around Error
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
129 Improper Validation of Array Index
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
130 Improper Handling of Length Parameter Inconsistency
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
131 Incorrect Calculation of Buffer Size
  • BAD_ALLOC_STRLEN none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • BAD_ALLOC_STRLEN none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • BAD_ALLOC_STRLEN none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
132 DEPRECATED (Duplicate): Miscalculated Null Termination
133 String Errors
  • BAD_COMPARE string_lit_comparison
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • BAD_COMPARE string_lit_comparison
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • BAD_COMPARE string_lit_comparison
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
134 Use of Externally-Controlled Format String
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
135 Incorrect Calculation of Multi-Byte String Length
  • COM.BSTR.CONV none
136 Type Errors
  • CHAR_IO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • SIGN_EXTENSION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • CHAR_IO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • SIGN_EXTENSION none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • CHAR_IO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • SIGN_EXTENSION none
  • SQLI sql_injection_dynamic_finder_med
137 Data Neutralization Issues
  • BAD_EQ referential
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • EL_INJECTION none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • OS_CMD_INJECTION none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
138 Improper Neutralization of Special Elements
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • OS_CMD_INJECTION none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • OS_CMD_INJECTION none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • JSP_SQL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • OS_CMD_INJECTION none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
139 DEPRECATED: General Special Element Problems
140 Improper Neutralization of Delimiters
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • OS_CMD_INJECTION none
  • SQLI none
  • OS_CMD_INJECTION none
  • SQLI none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • JSP_SQL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • OS_CMD_INJECTION none
  • SQLI none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
141 Improper Neutralization of Parameter/Argument Delimiters
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • OS_CMD_INJECTION none
  • SQLI none
  • OS_CMD_INJECTION none
  • SQLI none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • JSP_SQL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • OS_CMD_INJECTION none
  • SQLI none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
142 Improper Neutralization of Value Delimiters
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • JSP_SQL_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
143 Improper Neutralization of Record Delimiters
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • JSP_SQL_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
144 Improper Neutralization of Line Delimiters
145 Improper Neutralization of Section Delimiters
146 Improper Neutralization of Expression/Command Delimiters
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • OS_CMD_INJECTION none
  • SQLI none
  • OS_CMD_INJECTION none
  • SQLI none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • JSP_SQL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • OS_CMD_INJECTION none
  • SQLI none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
147 Improper Neutralization of Input Terminators
148 Improper Neutralization of Input Leaders
149 Improper Neutralization of Quoting Syntax
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • JSP_SQL_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
150 Improper Neutralization of Escape, Meta, or Control Sequences
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • JSP_SQL_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
151 Improper Neutralization of Comment Delimiters
152 Improper Neutralization of Macro Symbols
153 Improper Neutralization of Substitution Characters
154 Improper Neutralization of Variable Name Delimiters
155 Improper Neutralization of Wildcards or Matching Symbols
156 Improper Neutralization of Whitespace
157 Failure to Sanitize Paired Delimiters
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • JSP_SQL_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
158 Improper Neutralization of Null Byte or NUL Character
159 Improper Handling of Invalid Use of Special Elements
160 Improper Neutralization of Leading Special Elements
161 Improper Neutralization of Multiple Leading Special Elements
162 Improper Neutralization of Trailing Special Elements
163 Improper Neutralization of Multiple Trailing Special Elements
164 Improper Neutralization of Internal Special Elements
165 Improper Neutralization of Multiple Internal Special Elements
166 Improper Handling of Missing Special Element
167 Improper Handling of Additional Special Element
168 Improper Handling of Inconsistent Special Elements
169 DEPRECATED: Technology-Specific Special Elements
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • READLINK none
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • READLINK none
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • READLINK none
  • SIZECHECK no_null_terminator
  • STRING_NULL none
170 Improper Null Termination
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • READLINK none
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • READLINK none
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • READLINK none
  • SIZECHECK no_null_terminator
  • STRING_NULL none
171 DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
  • BAD_EQ referential
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • EL_INJECTION none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
172 Encoding Error
173 Improper Handling of Alternate Encoding
174 Double Decoding of the Same Data
175 Improper Handling of Mixed Encoding
176 Improper Handling of Unicode Encoding
177 Improper Handling of URL Encoding (Hex Encoding)
178 Improper Handling of Case Sensitivity
179 Incorrect Behavior Order: Early Validation
180 Incorrect Behavior Order: Validate Before Canonicalize
181 Incorrect Behavior Order: Validate Before Filter
182 Collapse of Data into Unsafe Value
183 Permissive List of Allowed Inputs
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
184 Incomplete List of Disallowed Inputs
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
185 Incorrect Regular Expression
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • REGEX_CONFUSION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
186 Overly Restrictive Regular Expression
187 Partial String Comparison
188 Reliance on Data/Memory Layout
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST endianness
189 Numeric Errors
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • COM.BSTR.CONV none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FLOATING_POINT_EQUALITY none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • OVERFLOW_BEFORE_WIDEN none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
190 Integer Overflow or Wraparound
  • OVERFLOW_BEFORE_WIDEN none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • OVERFLOW_BEFORE_WIDEN none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • OVERFLOW_BEFORE_WIDEN none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • OVERFLOW_BEFORE_WIDEN none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • OVERFLOW_BEFORE_WIDEN none
  • OVERFLOW_BEFORE_WIDEN none
191 Integer Underflow (Wrap or Wraparound)
192 Integer Coercion Error
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
193 Off-by-one Error
194 Unexpected Sign Extension
  • SIGN_EXTENSION none
  • SIGN_EXTENSION none
  • SIGN_EXTENSION none
195 Signed to Unsigned Conversion Error
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_cast
196 Unsigned to Signed Conversion Error
197 Numeric Truncation Error
  • CHAR_IO none
  • MISRA_CAST integer_narrowing_conversion
  • NO_EFFECT bad_memset_truncated_fill
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • CHAR_IO none
  • MISRA_CAST integer_narrowing_conversion
  • NO_EFFECT bad_memset_truncated_fill
  • CHAR_IO none
  • MISRA_CAST integer_narrowing_conversion
  • NO_EFFECT bad_memset_truncated_fill
198 Use of Incorrect Byte Ordering
199 Information Management Errors
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSUFFICIENT_LOGGING logging_obligation
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.REC_CATCH_EXCEPTION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
200 Exposure of Sensitive Information to an Unauthorized Actor
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION unencrypted_connection
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
201 Insertion of Sensitive Information Into Sent Data
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
202 Exposure of Sensitive Information Through Data Queries
203 Observable Differences in Behavior to Error Inputs
204 Observable Response Discrepancy
205 Observable Behavioral Discrepancy
206 Observable Internal Behavioral Discrepancy
207 Observable Behavioral Discrepancy With Equivalent Products
208 Observable Timing Discrepancy
209 Generation of Error Message Containing Sensitive Information
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
210 Self-generated Error Message Containing Sensitive Information
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
211 Externally-Generated Error Message Containing Sensitive Information
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
212 Improper Removal of Sensitive Information Before Storage or Transfer
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
213 Exposure of Sensitive Information Due to Incompatible Policies
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
214 Invocation of Process Using Visible Sensitive Information
215 Insertion of Sensitive Information Into Debugging Code
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • ANDROID_DEBUG_MODE none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • ANDROID_DEBUG_MODE none
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
216 DEPRECATED: Containment Errors (Container Errors)
  • FB.MS_CANNOT_BE_FINAL none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
217 DEPRECATED: Failure to Protect Stored Data from Modification
218 DEPRECATED (Duplicate): Failure to provide confidentiality for stored data
  • FB.EI_EXPOSE_STATIC_REP2 none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.MS_EXPOSE_REP none
  • FB.MS_FINAL_PKGPROTECT none
  • FB.MS_MUTABLE_ARRAY none
  • FB.MS_MUTABLE_COLLECTION none
  • FB.MS_MUTABLE_COLLECTION_PKGPROTECT none
  • FB.MS_MUTABLE_HASHTABLE none
  • FB.MS_OOI_PKGPROTECT none
  • FB.MS_PKGPROTECT none
  • FB.MS_SHOULD_BE_FINAL none
  • FB.MS_SHOULD_BE_REFACTORED_TO_BE_FINAL none
219 Storage of File with Sensitive Data Under Web Root
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
220 Storage of File With Sensitive Data Under FTP Root
221 Information Loss or Omission
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • FB.REC_CATCH_EXCEPTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_LOGGING logging_obligation
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
222 Truncation of Security-relevant Information
223 Omission of Security-relevant Information
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_LOGGING logging_obligation
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
224 Obscured Security-relevant Information by Alternate Name
225 DEPRECATED (Duplicate): General Information Management Problems
226 Sensitive Information in Resource Not Removed Before Reuse
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
227 7PK - API Abuse
  • CALL_SUPER none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.BSTR.ALLOC double_free
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • LOCK double_lock
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HTTP_VERB_TAMPERING none
  • DC.DANGEROUS none
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_DOH none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_USELESS none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • INSECURE_HTTP_FIREWALL spring_security
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • ORM_LOAD_NULL_CHECK none
  • SWAPPED_ARGUMENTS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • CALL_SUPER none
  • SWAPPED_ARGUMENTS none
228 Improper Handling of Syntactically Invalid Structure
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
229 Improper Handling of Values
230 Improper Handling of Missing Values
231 Improper Handling of Extra Values
232 Improper Handling of Undefined Values
233 Improper Handling of Parameters
234 Failure to Handle Missing Parameter
235 Improper Handling of Extra Parameters
236 Improper Handling of Undefined Parameters
237 Improper Handling of Structural Elements
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
238 Improper Handling of Incomplete Structural Elements
239 Failure to Handle Incomplete Element
240 Improper Handling of Inconsistent Structural Elements
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
241 Improper Handling of Unexpected Data Type
242 Use of Inherently Dangerous Function
  • DC.DANGEROUS none
243 Creation of chroot Jail Without Changing Working Directory
  • CHROOT none
  • CHROOT none
  • CHROOT none
244 Improper Clearing of Heap Memory Before Release ('Heap Inspection')
245 J2EE Bad Practices: Direct Management of Connections
246 J2EE Bad Practices: Direct Use of Sockets
247 DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
248 Uncaught Exception
  • UNCAUGHT_EXCEPT none
  • UNCAUGHT_EXCEPT none
  • UNCAUGHT_EXCEPT none
249 DEPRECATED: Often Misused: Path Manipulation
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
250 Execution with Unnecessary Privileges
251 Often Misused: String Management
252 Unchecked Return Value
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
253 Incorrect Check of Function Return Value
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • ORM_LOAD_NULL_CHECK none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
254 7PK - Security Features
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHROOT none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHROOT none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSUFFICIENT_LOGGING logging_obligation
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MOBILE_ID_MISUSE none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHROOT none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CSRF database_update
  • CSRF none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
255 Credentials Management Errors
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_SALT hardcoded
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_SALT hardcoded
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
256 Unprotected Storage of Credentials
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
257 Storing Passwords in a Recoverable Format
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
258 Empty Password in Configuration File
259 Use of Hard-coded Password
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS secret_in_source_med
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
260 Password in Configuration File
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
261 Weak Encoding for Password
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
262 Not Using Password Aging
263 Password Aging with Long Expiration
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
264 Permissions, Privileges, and Access Controls
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • OPEN_REDIRECT none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • OPEN_REDIRECT none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XML_EXTERNAL_ENTITY external_entities
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
265 Privilege Issues
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CHROOT none
  • URL_MANIPULATION none
  • CHROOT none
  • URL_MANIPULATION none
  • OPEN_REDIRECT none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • CALL_SUPER clone
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • HEADER_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • OPEN_REDIRECT none
  • TRUST_BOUNDARY_VIOLATION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CHROOT none
  • URL_MANIPULATION none
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • OPEN_REDIRECT none
  • XML_EXTERNAL_ENTITY external_entities
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XML_EXTERNAL_ENTITY external_entities
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
266 Incorrect Privilege Assignment
267 Privilege Defined With Unsafe Actions
268 Privilege Chaining
269 Improper Privilege Management
270 Privilege Context Switching Error
271 Privilege Dropping / Lowering Errors
272 Least Privilege Violation
273 Improper Check for Dropped Privileges
274 Improper Handling of Insufficient Privileges
275 Permission Issues
  • INSECURE_COOKIE dotnet
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_COOKIE missing_httponly_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
276 Incorrect Default Permissions
277 Insecure Inherited Permissions
278 Insecure Preserved Inherited Permissions
279 Incorrect Execution-Assigned Permissions
280 Improper Handling of Insufficient Permissions or Privileges
281 Improper Preservation of Permissions
282 Improper Ownership Management
283 Unverified Ownership
284 Improper Access Control
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
285 Improper Authorization
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • IMPLICIT_INTENT none
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • IMPLICIT_INTENT none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
286 Incorrect User Management
287 Improper Authentication
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING session_secret_hi
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
288 Authentication Bypass Using an Alternate Path or Channel
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_applied_globally
289 Authentication Bypass by Alternate Name
  • MULTER_MISCONFIGURATION multer_applied_globally
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • MULTER_MISCONFIGURATION multer_applied_globally
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
290 Authentication Bypass by Spoofing
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
291 Reliance on IP Address for Authentication
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
292 DEPRECATED (Duplicate): Trusting Self-reported DNS Name
293 Using Referer Field for Authentication
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
294 Authentication Bypass by Capture-replay
295 Improper Certificate Validation
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
296 Improper Following of a Certificate's Chain of Trust
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION bad_trust_manager
297 Improper Validation of Certificate with Host Mismatch
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_ssl_session
298 Improper Validation of Certificate Expiration
299 Improper Check for Certificate Revocation
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_revocation_check
300 Channel Accessible by Non-Endpoint
  • RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO ssl_protocol
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • RISKY_CRYPTO ssl_protocol
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO ssl_protocol
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • RISKY_CRYPTO ssl_protocol
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO ssl_protocol
301 Reflection Attack in an Authentication Protocol
302 Authentication Bypass by Assumed-Immutable Data
303 Incorrect Implementation of Authentication Algorithm
304 Missing Critical Step in Authentication
305 Authentication Bypass by Primary Weakness
306 Missing Authentication for Critical Function
  • MISSING_AUTHZ none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • MISSING_AUTHZ none
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • MISSING_AUTHZ none
  • MISSING_AUTHZ none
  • MISSING_AUTHZ none
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • MISSING_AUTHZ none
  • MISSING_AUTHZ none
307 Improper Restriction of Excessive Authentication Attempts
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
308 Use of Single-factor Authentication
309 Use of Password System for Primary Authentication
310 Cryptographic Issues
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • DISABLED_ENCRYPTION text_encryptor
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
311 Missing Encryption of Sensitive Data
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COOKIE dotnet
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • DISABLED_ENCRYPTION text_encryptor
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
312 Cleartext Storage of Sensitive Information
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • HARDCODED_CREDENTIALS secret_in_source_med
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
313 Cleartext Storage in a File or on Disk
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
314 Cleartext Storage in the Registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
315 Cleartext Storage of Sensitive Information in a Cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
316 Cleartext Storage of Sensitive Information in Memory
317 Cleartext Storage of Sensitive Information in GUI
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
318 Cleartext Storage of Sensitive Information in Executable
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS secret_in_source_med
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
319 Cleartext Transmission of Sensitive Information
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • DISABLED_ENCRYPTION text_encryptor
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
320 Key Management Errors
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • UNSAFE_SESSION_SETTING session_secret_hi
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
321 Use of Hard-coded Cryptographic Key
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • UNSAFE_SESSION_SETTING session_secret_hi
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
322 Key Exchange without Entity Authentication
323 Reusing a Nonce, Key Pair in Encryption
324 Use of a Key Past its Expiration Date
325 Missing Cryptographic Step
326 Inadequate Encryption Strength
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
327 Use of a Broken or Risky Cryptographic Algorithm
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
328 Reversible One-Way Hash
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
329 Not Using a Random IV with CBC Mode
330 Use of Insufficiently Random Values
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS secret_in_source_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
331 Insufficient Entropy
332 Insufficient Entropy in PRNG
333 Improper Handling of Insufficient Entropy in TRNG
334 Small Space of Random Values
335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
336 Same Seed in Pseudo-Random Number Generator (PRNG)
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
337 Predictable Seed in Pseudo-Random Number Generator (PRNG)
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
339 Small Seed Space in PRNG
340 Generation of Predictable Numbers or Identifiers
341 Predictable from Observable State
342 Predictable Exact Value from Previous Values
343 Predictable Value Range from Previous Values
344 Use of Invariant Value in Dynamically Changing Context
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS secret_in_source_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
345 Insufficient Verification of Data Authenticity
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CSRF database_update
  • CSRF none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
346 Origin Validation Error
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
347 Improper Verification of Cryptographic Signature
348 Use of Less Trusted Source
349 Acceptance of Extraneous Untrusted Data With Trusted Data
350 Reliance on Reverse DNS Resolution for a Security-Critical Action
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
351 Insufficient Type Distinction
352 Cross-Site Request Forgery (CSRF)
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CSRF database_update
  • CSRF none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
353 Missing Support for Integrity Check
354 Improper Validation of Integrity Check Value
355 User Interface Security Issues
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • CSS_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • CSS_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
356 Product UI does not Warn User of Unsafe Actions
357 Insufficient UI Warning of Dangerous Operations
358 Improperly Implemented Security Check for Standard
359 Exposure of Private Personal Information to an Unauthorized Actor
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • DISABLED_ENCRYPTION text_encryptor
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION unencrypted_connection
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
360 Trust of System Event Data
361 7PK - Time and State
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_AUTHZ none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DC.DEADLOCK none
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RU_INVOKE_RUN none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_dynamic_finder_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • NO_EFFECT self_assign
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LOCK_EVASION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • GUARDED_BY_VIOLATION none
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • MISSING_LOCK none
  • TOCTOU none
  • MISSING_LOCK none
  • TOCTOU none
  • GUARDED_BY_VIOLATION none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • MISSING_LOCK none
  • TOCTOU none
363 Race Condition Enabling Link Following
364 Signal Handler Race Condition
365 Race Condition in Switch
366 Race Condition within a Thread
  • GUARDED_BY_VIOLATION none
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • MISSING_LOCK none
  • MISSING_LOCK none
  • GUARDED_BY_VIOLATION none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • MISSING_LOCK none
367 Time-of-check Time-of-use (TOCTOU) Race Condition
  • TOCTOU none
  • TOCTOU none
  • TOCTOU none
368 Context Switching Race Condition
369 Divide By Zero
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • PW.DIVIDE_BY_ZERO none
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • PW.DIVIDE_BY_ZERO none
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
370 Missing Check for Certificate Revocation after Initial Check
371 State Issues
  • UNRESTRICTED_DISPATCH none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • UNRESTRICTED_DISPATCH none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • UNRESTRICTED_DISPATCH none
372 Incomplete Internal State Distinction
373 DEPRECATED: State Synchronization Error
374 Passing Mutable Objects to an Untrusted Method
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
375 Returning a Mutable Object to an Untrusted Caller
376 DEPRECATED: Temporary File Issues
  • SECURE_TEMP none
  • SECURE_TEMP none
377 Insecure Temporary File
  • SECURE_TEMP none
  • SECURE_TEMP none
378 Creation of Temporary File With Insecure Permissions
379 Creation of Temporary File in Directory with Insecure Permissions
380 DEPRECATED: Technology-Specific Time and State Issues
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • LOCK_EVASION none
  • NON_STATIC_GUARDING_STATIC none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • FB.DM_EXIT none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • LOCK_EVASION none
  • NON_STATIC_GUARDING_STATIC none
  • SINGLETON_RACE none
  • LOCK_EVASION none
381 DEPRECATED: J2EE Time and State Issues
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • LOCK_EVASION none
  • NON_STATIC_GUARDING_STATIC none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • FB.DM_EXIT none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • LOCK_EVASION none
  • NON_STATIC_GUARDING_STATIC none
  • SINGLETON_RACE none
  • LOCK_EVASION none
382 J2EE Bad Practices: Use of System.exit()
  • FB.DM_EXIT none
383 J2EE Bad Practices: Direct Use of Threads
384 Session Fixation
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • SESSION_FIXATION none
385 Covert Timing Channel
386 Symbolic Name not Mapping to Correct Object
387 Signal Errors
388 7PK - Errors
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK lock_assert
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK lock_assert
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • LOCK lock_assert
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • MISSING_THROW none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK lock_assert
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
389 Error Conditions, Return Values, Status Codes
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK lock_assert
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK lock_assert
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • LOCK lock_assert
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • MISSING_THROW none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK lock_assert
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
390 Detection of Error Condition Without Action
  • MISSING_THROW none
  • MISSING_THROW none
391 Unchecked Error Condition
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
392 Missing Report of Error Condition
393 Return of Wrong Status Code
394 Unexpected Status Code or Return Value
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
395 Use of NullPointerException Catch to Detect NULL Pointer Dereference
396 Declaration of Catch for Generic Exception
  • FB.REC_CATCH_EXCEPTION none
397 Declaration of Throws for Generic Exception
398 7PK - Code Quality
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • LOCK_INVERSION none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • ENUM_AS_BOOLEAN none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • LOCK double_lock
  • LOCK lock_assert
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • PASS_BY_VALUE none
  • PRINTF_ARGS invalid_printf_format_string
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • ENUM_AS_BOOLEAN none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • LOCK double_lock
  • LOCK lock_assert
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • PASS_BY_VALUE none
  • PRINTF_ARGS invalid_printf_format_string
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • XML_EXTERNAL_ENTITY entity_expansion
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_USELESS none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • LOCK_INVERSION none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • BAD_CERT_VERIFICATION bad_revocation_check
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • ENUM_AS_BOOLEAN none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • LOCK double_lock
  • LOCK lock_assert
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • PASS_BY_VALUE none
  • PRINTF_ARGS invalid_printf_format_string
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NOSQL_QUERY_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • PARSE_ERROR none
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • REVERSE_INULL none
  • UNREACHABLE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • PROPERTY_MIXUP none
  • PW.* none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • UNEXPECTED_CONTROL_FLOW useless_defer
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NULL_RETURNS none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
399 Resource Management Errors
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • LOCK double_lock
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • ORDER_REVERSAL none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • LOCK double_lock
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • ORDER_REVERSAL none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • LOCK double_lock
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • BAD_CERT_VERIFICATION bad_revocation_check
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • LOCK double_lock
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • ORDER_REVERSAL none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNSAFE_DESERIALIZATION none
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
400 Uncontrolled Resource Consumption
  • COM.ADDROF_LEAK none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
401 Missing Release of Memory after Effective Lifetime
  • COM.ADDROF_LEAK none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
402 Transmission of Private Resources into a New Sphere ('Resource Leak')
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK socket
403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK socket
404 Improper Resource Shutdown or Release
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • BAD_CERT_VERIFICATION bad_revocation_check
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
405 Asymmetric Resource Consumption (Amplification)
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
406 Insufficient Control of Network Message Volume (Network Amplification)
407 Inefficient Algorithmic Complexity
408 Incorrect Behavior Order: Early Amplification
409 Improper Handling of Highly Compressed Data (Data Amplification)
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
410 Insufficient Resource Pool
411 Resource Locking Problems
  • LOCK_INVERSION none
  • LOCK double_lock
  • ORDER_REVERSAL none
  • LOCK double_lock
  • ORDER_REVERSAL none
  • LOCK double_lock
  • LOCK_INVERSION none
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • LOCK_INVERSION none
  • LOCK double_lock
  • ORDER_REVERSAL none
412 Unrestricted Externally Accessible Lock
413 Improper Resource Locking
414 Missing Lock Check
415 Double Free
  • COM.BSTR.ALLOC double_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE double_free
416 Use After Free
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
417 Communication Channel Errors
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • UNSAFE_JNI none
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
418 DEPRECATED: Channel Errors
419 Unprotected Primary Channel
420 Unprotected Alternate Channel
421 Race Condition During Access to Alternate Channel
422 Unprotected Windows Messaging Channel ('Shatter')
423 DEPRECATED (Duplicate): Proxied Trusted Channel
424 Improper Protection of Alternate Path
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
425 Direct Request ('Forced Browsing')
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
426 Untrusted Search Path
427 Uncontrolled Search Path Element
  • UNSAFE_JNI none
428 Unquoted Search Path or Element
429 Handler Errors
430 Deployment of Wrong Handler
431 Missing Handler
432 Dangerous Signal Handler not Disabled During Sensitive Operations
433 Unparsed Raw Web Content Delivery
434 Unrestricted Upload of File with Dangerous Type
435 Improper Interaction Between Multiple Correctly-Behaving Entities
  • XSS none
  • XSS stored_xss
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST endianness
  • XSS none
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • INSECURE_HTTP_FIREWALL spring_security
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • INCOMPATIBLE_CAST endianness
  • XSS none
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
436 Interpretation Conflict
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • INSECURE_HTTP_FIREWALL spring_security
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
437 Incomplete Model of Endpoint Features
438 Behavioral Problems
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • STRAY_SEMICOLON none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK lock_assert
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • SIZEOF_MISMATCH missing_parentheses
  • STRAY_SEMICOLON none
  • UNCAUGHT_EXCEPT none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK lock_assert
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • SIZEOF_MISMATCH missing_parentheses
  • STRAY_SEMICOLON none
  • UNCAUGHT_EXCEPT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK lock_assert
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_DOH none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_HTTP_FIREWALL spring_security
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • STRAY_SEMICOLON none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DOM_XSS none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • STRAY_SEMICOLON none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK lock_assert
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • SIZEOF_MISMATCH missing_parentheses
  • STRAY_SEMICOLON none
  • UNCAUGHT_EXCEPT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • STRAY_SEMICOLON none
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DOM_XSS none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • STRAY_SEMICOLON none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
439 Behavioral Change in New Version or Environment
440 Expected Behavior Violation
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_DOH none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
441 Unintended Proxy or Intermediary ('Confused Deputy')
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • URL_MANIPULATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • URL_MANIPULATION none
  • URL_MANIPULATION none
442 DEPRECATED: Web Problems
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • INSECURE_COOKIE dotnet
  • OPEN_REDIRECT none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
  • HEADER_INJECTION none
  • URL_MANIPULATION none
  • HEADER_INJECTION none
  • URL_MANIPULATION none
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • MISSING_HEADER_VALIDATION missing_header_validation
  • OPEN_REDIRECT none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • OPEN_REDIRECT none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_TABNABBING react_target_blank
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • HEADER_INJECTION none
  • URL_MANIPULATION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • OPEN_REDIRECT none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CSRF database_update
  • CSRF none
  • OPEN_REDIRECT none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • XML_EXTERNAL_ENTITY external_entities
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • OPEN_REDIRECT none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_TABNABBING react_target_blank
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • OPEN_REDIRECT none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
443 DEPRECATED (Duplicate): HTTP response splitting
444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
445 DEPRECATED: User Interface Errors
446 UI Discrepancy for Security Feature
447 Unimplemented or Unsupported Feature in UI
448 Obsolete Feature in UI
449 The UI Performs the Wrong Action
450 Multiple Interpretations of UI Input
451 User Interface (UI) Misrepresentation of Critical Information
452 Initialization and Cleanup Errors
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • CALL_SUPER finalize
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • NO_EFFECT self_assign
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
453 Insecure Default Variable Initialization
454 External Initialization of Trusted Variables or Data Stores
455 Non-exit on Failed Initialization
456 Missing Initialization of a Variable
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT bad_memset_zero_size
457 Use of Uninitialized Variable
  • PW.BRANCH_PAST_INITIALIZATION none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • PW.BRANCH_PAST_INITIALIZATION none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
458 DEPRECATED: Incorrect Initialization
459 Incomplete Cleanup
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • CALL_SUPER finalize
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
460 Improper Cleanup on Thrown Exception
461 DEPRECATED: Data Structure Issues
462 Duplicate Key in Associative List (Alist)
463 Deletion of Data Structure Sentinel
464 Addition of Data Structure Sentinel
465 Pointer Issues
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT no_effect_deref
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SIZEOF_MISMATCH sizeof_punning
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT no_effect_deref
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SIZEOF_MISMATCH sizeof_punning
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FB.BC_NULL_INSTANCEOF none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT no_effect_deref
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SIZEOF_MISMATCH sizeof_punning
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • FORWARD_NULL bad_null_value_use
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • REVERSE_INULL none
466 Return of Pointer Value Outside of Expected Range
467 Use of sizeof() on a Pointer Type
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • SIZEOF_MISMATCH sizeof_punning
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • SIZEOF_MISMATCH sizeof_punning
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • SIZEOF_MISMATCH sizeof_punning
468 Incorrect Pointer Scaling
469 Use of Pointer Subtraction to Determine Size
470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
  • UNSAFE_NAMED_QUERY none
  • JSP_DYNAMIC_INCLUDE none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNSAFE_REFLECTION none
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_NAMED_QUERY none
471 Modification of Assumed-Immutable Data (MAID)
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
472 External Control of Assumed-Immutable Web Parameter
473 PHP External Variable Modification
474 Use of Function with Inconsistent Implementations
475 Undefined Behavior for Input to API
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_printf_format_string
476 NULL Pointer Dereference
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FB.BC_NULL_INSTANCEOF none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • REVERSE_INULL none
477 Use of Obsolete Function
478 Missing Default Case in Switch Statement
479 Signal Handler Use of a Non-reentrant Function
480 Use of Incorrect Operator
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
481 Assigning instead of Comparing
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
482 Comparing instead of Assigning
  • NO_EFFECT no_effect_test
  • NO_EFFECT no_effect_test
  • NO_EFFECT no_effect_test
483 Incorrect Block Delimitation
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
484 Omitted Break Statement in Switch
  • MISSING_BREAK none
  • MISSING_BREAK none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • MISSING_BREAK none
  • MISSING_BREAK none
  • MISSING_BREAK none
  • MISSING_BREAK none
  • MISSING_BREAK none
485 7PK - Encapsulation
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CALL_SUPER clone
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.MS_CANNOT_BE_FINAL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • TRUST_BOUNDARY_VIOLATION none
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
486 Comparison of Classes by Name
487 Reliance on Package-level Scope
488 Exposure of Data Element to Wrong Session
489 Active Debug Code
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
490 DEPRECATED: Mobile Code Issues
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.MS_CANNOT_BE_FINAL none
491 Public cloneable() Method Without Final ('Object Hijack')
492 Use of Inner Class Containing Sensitive Data
493 Critical Public Variable Without Final Modifier
  • FB.MS_CANNOT_BE_FINAL none
494 Download of Code Without Integrity Check
495 Private Data Structure Returned From A Public Method
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
496 Public Data Assigned to Private Array-Typed Field
497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
498 Cloneable Class Containing Sensitive Information
499 Serializable Class Containing Sensitive Data
500 Public Static Field Not Marked Final
  • FB.MS_CANNOT_BE_FINAL none
501 Trust Boundary Violation
  • TRUST_BOUNDARY_VIOLATION none
502 Deserialization of Untrusted Data
  • UNSAFE_DESERIALIZATION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
503 DEPRECATED: Byte/Object Code
504 DEPRECATED: Motivation/Intent
505 DEPRECATED: Intentionally Introduced Weakness
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • NOSQL_QUERY_INJECTION none
  • TEMPLATE_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • XPATH_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XPATH_INJECTION none
506 Embedded Malicious Code
507 Trojan Horse
508 Non-Replicating Malicious Code
509 Replicating Malicious Code (Virus or Worm)
510 Trapdoor
511 Logic/Time Bomb
512 Spyware
513 DEPRECATED: Intentionally Introduced Nonmalicious Weakness
514 Covert Channel
515 Covert Storage Channel
516 DEPRECATED (Duplicate): Covert Timing Channel
517 DEPRECATED: Other Intentional, Nonmalicious Weakness
518 DEPRECATED: Inadvertently Introduced Weakness
519 DEPRECATED: .NET Environment Issues
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
520 .NET Misconfiguration: Use of Impersonation
521 Weak Password Requirements
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
522 Insufficiently Protected Credentials
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
523 Unprotected Transport of Credentials
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_transmission
524 Use of Cache Containing Sensitive Information
525 Use of Web Browser Cache Containing Sensitive Information
526 Exposure of Sensitive Information Through Environmental Variables
527 Exposure of Version-Control Repository to an Unauthorized Control Sphere
528 Exposure of Core Dump File to an Unauthorized Control Sphere
529 Exposure of Access Control List Files to an Unauthorized Control Sphere
530 Exposure of Backup File to an Unauthorized Control Sphere
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
531 Inclusion of Sensitive Information in Test Code
532 Insertion of Sensitive Information into Log File
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
533 DEPRECATED: Information Exposure Through Server Log Files
534 DEPRECATED: Information Exposure Through Debug Log Files
535 Exposure of Information Through Shell Error Message
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
536 Servlet Runtime Error Message Containing Sensitive Information
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
537 Java Runtime Error Message Containing Sensitive Information
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
538 Insertion of Sensitive Information into Externally-Accessible File or Directory
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • EXPOSED_PREFERENCES none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
539 Use of Persistent Cookies Containing Sensitive Information
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
540 Inclusion of Sensitive Information in Source Code
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
541 Inclusion of Sensitive Information in an Include File
542 DEPRECATED: Information Exposure Through Cleanup Log Files
543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • LOCK_EVASION none
  • NON_STATIC_GUARDING_STATIC none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • LOCK_EVASION none
  • NON_STATIC_GUARDING_STATIC none
  • SINGLETON_RACE none
  • LOCK_EVASION none
544 Missing Standardized Error Handling Mechanism
545 DEPRECATED: Use of Dynamic Class Loading
546 Suspicious Comment
547 Use of Hard-coded, Security-relevant Constants
548 Exposure of Information Through Directory Listing
549 Missing Password Field Masking
550 Server-generated Error Message Containing Sensitive Information
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
552 Files or Directories Accessible to External Parties
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
553 Command Shell in Externally Accessible Directory
554 ASP.NET Misconfiguration: Not Using Input Validation Framework
555 J2EE Misconfiguration: Plaintext Password in Configuration File
556 ASP.NET Misconfiguration: Use of Identity Impersonation
557 Concurrency Issues
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • MISSING_LOCK none
  • TOCTOU none
  • MISSING_LOCK none
  • TOCTOU none
  • GUARDED_BY_VIOLATION none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • FB.ESYNC_EMPTY_SYNC none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.RU_INVOKE_RUN none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • MISSING_LOCK none
  • TOCTOU none
  • LOCK_EVASION none
558 Use of getlogin() in Multithreaded Application
559 DEPRECATED: Often Misused: Arguments and Parameters
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE none
  • NEGATIVE_RETURNS critical_argument
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE none
  • NEGATIVE_RETURNS critical_argument
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • SWAPPED_ARGUMENTS none
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • BAD_COMPARE none
  • NEGATIVE_RETURNS critical_argument
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • SWAPPED_ARGUMENTS none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • SWAPPED_ARGUMENTS none
560 Use of umask() with chmod-style Argument
561 Dead Code
  • BAD_EQ_TYPES none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
562 Return of Stack Variable Address
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
563 Assignment to Variable without Use
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
564 SQL Injection: Hibernate
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • JSP_SQL_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
565 Reliance on Cookies without Validation and Integrity Checking
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
566 Authorization Bypass Through User-Controlled SQL Primary Key
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • JSP_SQL_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
567 Unsynchronized Access to Shared Data in a Multithreaded Context
  • GUARDED_BY_VIOLATION none
  • NON_STATIC_GUARDING_STATIC none
  • MISSING_LOCK none
  • MISSING_LOCK none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • MISSING_LOCK none
568 finalize() Method Without super.finalize()
  • CALL_SUPER finalize
569 Expression Issues
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
570 Expression is Always False
  • BAD_EQ_TYPES none
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
571 Expression is Always True
  • FB.BC_VACUOUS_INSTANCEOF none
572 Call to Thread run() instead of start()
  • FB.RU_INVOKE_RUN none
573 Improper Following of Specification by Caller
  • CALL_SUPER none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.BSTR.ALLOC double_free
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • LOCK double_lock
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • ORM_LOAD_NULL_CHECK none
  • SWAPPED_ARGUMENTS none
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • SWAPPED_ARGUMENTS none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • CALL_SUPER none
  • SWAPPED_ARGUMENTS none
574 EJB Bad Practices: Use of Synchronization Primitives
575 EJB Bad Practices: Use of AWT Swing
576 EJB Bad Practices: Use of Java I/O
577 EJB Bad Practices: Use of Sockets
578 EJB Bad Practices: Use of Class Loader
579 J2EE Bad Practices: Non-serializable Object Stored in Session
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
580 clone() Method Without super.clone()
  • CALL_SUPER clone
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
581 Object Model Violation: Just One of Equals and Hashcode Defined
582 Array Declared Public, Final, and Static
583 finalize() Method Declared Public
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
584 Return Inside Finally Block
585 Empty Synchronized Block
  • FB.ESYNC_EMPTY_SYNC none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
586 Explicit Call to Finalize()
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_USELESS none
587 Assignment of a Fixed Address to a Pointer
588 Attempt to Access Child of a Non-structure Pointer
589 Call to Non-ubiquitous API
590 Free of Memory not on the Heap
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
591 Sensitive Data Storage in Improperly Locked Memory
592 DEPRECATED: Authentication Bypass Issues
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • MULTER_MISCONFIGURATION multer_applied_globally
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • MULTER_MISCONFIGURATION multer_applied_globally
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
594 J2EE Framework: Saving Unserializable Objects to Disk
595 Comparison of Object References Instead of Object Contents
  • BAD_EQ referential
  • BAD_COMPARE string_lit_comparison
  • BAD_COMPARE string_lit_comparison
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • BAD_COMPARE string_lit_comparison
596 DEPRECATED: Incorrect Semantic Object Comparison
  • HIBERNATE_BAD_HASHCODE bad_equals
597 Use of Wrong Operator in String Comparison
  • BAD_COMPARE string_lit_comparison
  • BAD_COMPARE string_lit_comparison
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • BAD_COMPARE string_lit_comparison
598 Use of GET Request Method With Sensitive Query Strings
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
599 Missing Validation of OpenSSL Certificate
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
600 Uncaught Exception in Servlet
601 URL Redirection to Untrusted Site ('Open Redirect')
  • OPEN_REDIRECT none
  • OPEN_REDIRECT none
  • OPEN_REDIRECT none
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • OPEN_REDIRECT none
  • OPEN_REDIRECT none
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • OPEN_REDIRECT none
602 Client-Side Enforcement of Server-Side Security
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
603 Use of Client-Side Authentication
604 Deprecated Entries
605 Multiple Binds to the Same Port
606 Unchecked Input for Loop Condition
  • NEGATIVE_RETURNS loop_bound
  • TAINTED_SCALAR loop_bound
  • NEGATIVE_RETURNS loop_bound
  • TAINTED_SCALAR loop_bound
  • NEGATIVE_RETURNS loop_bound
  • TAINTED_SCALAR loop_bound
607 Public Static Final Field References Mutable Object
608 Struts: Non-private Field in ActionForm Class
609 Double-Checked Locking
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
610 Externally Controlled Reference to a Resource in Another Sphere
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • OPEN_REDIRECT none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • OPEN_REDIRECT none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • URL_MANIPULATION none
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • OPEN_REDIRECT none
  • XML_EXTERNAL_ENTITY external_entities
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XML_EXTERNAL_ENTITY external_entities
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
611 Improper Restriction of XML External Entity Reference
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
612 Improper Authorization of Index Containing Sensitive Information
613 Insufficient Session Expiration
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
  • INSECURE_COOKIE dotnet
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
615 Inclusion of Sensitive Information in Source Code Comments
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
616 Incomplete Identification of Uploaded File Variables (PHP)
617 Reachable Assertion
  • LOCK lock_assert
  • LOCK lock_assert
  • LOCK lock_assert
  • LOCK lock_assert
618 Exposed Unsafe ActiveX Method
619 Dangling Database Cursor ('Cursor Injection')
620 Unverified Password Change
621 Variable Extraction Error
622 Improper Validation of Function Hook Arguments
623 Unsafe ActiveX Control Marked Safe For Scripting
624 Executable Regular Expression Error
625 Permissive Regular Expression
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
626 Null Byte Interaction Error (Poison Null Byte)
627 Dynamic Variable Evaluation
628 Function Call with Incorrectly Specified Arguments
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE none
  • NEGATIVE_RETURNS critical_argument
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE none
  • NEGATIVE_RETURNS critical_argument
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • SWAPPED_ARGUMENTS none
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • BAD_COMPARE none
  • NEGATIVE_RETURNS critical_argument
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • SWAPPED_ARGUMENTS none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • SWAPPED_ARGUMENTS none
629 Weaknesses in OWASP Top Ten (2007)
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO hashing
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISRA C++-2008 Rule 15-3-2 none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XPATH_INJECTION none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • MISRA C++-2008 Rule 15-3-2 none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO hashing
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO hashing
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF database_update
  • CSRF none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO hashing
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO hashing
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO hashing
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
630 DEPRECATED: Weaknesses Examined by SAMATE
631 DEPRECATED: Resource-specific Weaknesses
632 DEPRECATED: Weaknesses that Affect Files or Directories
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
633 DEPRECATED: Weaknesses that Affect Memory
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
634 DEPRECATED: Weaknesses that Affect System Processes
  • GUARDED_BY_VIOLATION none
  • HEADER_INJECTION none
  • NON_STATIC_GUARDING_STATIC none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • RESOURCE_LEAK socket
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • HEADER_INJECTION none
  • MISSING_LOCK none
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • MISSING_LOCK none
  • OS_CMD_INJECTION none
  • GUARDED_BY_VIOLATION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.RU_INVOKE_RUN none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HEADER_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NON_STATIC_GUARDING_STATIC none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • RESOURCE_LEAK socket
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • HEADER_INJECTION none
  • MISSING_LOCK none
  • OS_CMD_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • RESOURCE_LEAK socket
635 Weaknesses Originally Used by NVD from 2008 to 2016
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FLOATING_POINT_EQUALITY none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • LOCK double_lock
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DUPLICATE_SERVLET_DEFINITION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DC.DEADLOCK none
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CSRF database_update
  • CSRF none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
636 Not Failing Securely ('Failing Open')
637 Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
638 Not Using Complete Mediation
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
639 Authorization Bypass Through User-Controlled Key
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • JSP_SQL_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
640 Weak Password Recovery Mechanism for Forgotten Password
641 Improper Restriction of Names for Files and Other Resources
642 External Control of Critical State Data
  • UNRESTRICTED_DISPATCH none
  • UNRESTRICTED_DISPATCH none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • UNRESTRICTED_DISPATCH none
643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
644 Improper Neutralization of HTTP Headers for Scripting Syntax
645 Overly Restrictive Account Lockout Mechanism
646 Reliance on File Name or Extension of Externally-Supplied File
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_custom_file_filter
647 Use of Non-Canonical URL Paths for Authorization Decisions
648 Incorrect Use of Privileged APIs
649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
650 Trusting HTTP Permission Methods on the Server Side
  • CONFIG.HTTP_VERB_TAMPERING none
  • INSECURE_HTTP_FIREWALL spring_security
651 Exposure of WSDL File Containing Sensitive Information
652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
653 Insufficient Compartmentalization
654 Reliance on a Single Factor in a Security Decision
655 Insufficient Psychological Acceptability
656 Reliance on Security Through Obscurity
657 Violation of Secure Design Principles
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS secret_in_source_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
658 Weaknesses in Software Written in C
659 Weaknesses in Software Written in C++
660 Weaknesses in Software Written in Java
661 Weaknesses in Software Written in PHP
  • RUBY_VULNERABLE_LIBRARY cve_2013_1856_hi
662 Improper Synchronization
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • ATOMICITY none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • ATOMICITY none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.RU_INVOKE_RUN none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • LOCK_EVASION none
663 Use of a Non-reentrant Function in a Concurrent Context
664 Improper Control of a Resource Through its Lifetime
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_AUTHZ none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DC.DEADLOCK none
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RU_INVOKE_RUN none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_dynamic_finder_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • NO_EFFECT self_assign
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LOCK_EVASION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
665 Improper Initialization
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • NO_EFFECT self_assign
  • NO_EFFECT self_assign
  • NO_EFFECT self_assign
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
666 Operation on Resource in Wrong Phase of Lifetime
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • USE_AFTER_FREE none
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
667 Improper Locking
  • LOCK_INVERSION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • LOCK_INVERSION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
668 Exposure of Resource to Wrong Sphere
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • INSECURE_COOKIE dotnet
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • PATH_MANIPULATION none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • PATH_MANIPULATION none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_DYNAMIC_INCLUDE none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • INSECURE_COOKIE missing_httponly_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_DISPATCH none
669 Incorrect Resource Transfer Between Spheres
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CHROOT none
  • CHROOT none
  • JAVA_CODE_INJECTION none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • MISSING_IFRAME_SANDBOX none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CHROOT none
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • MISSING_IFRAME_SANDBOX none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
670 Always-Incorrect Control Flow Implementation
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • STRAY_SEMICOLON none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • LOCK lock_assert
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • SIZEOF_MISMATCH missing_parentheses
  • STRAY_SEMICOLON none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • LOCK lock_assert
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • SIZEOF_MISMATCH missing_parentheses
  • STRAY_SEMICOLON none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • LOCK lock_assert
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • STRAY_SEMICOLON none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • STRAY_SEMICOLON none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • LOCK lock_assert
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • SIZEOF_MISMATCH missing_parentheses
  • STRAY_SEMICOLON none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • STRAY_SEMICOLON none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • STRAY_SEMICOLON none
671 Lack of Administrator Control over Security
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS secret_in_source_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
672 Operation on a Resource after Expiration or Release
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • USE_AFTER_FREE none
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
673 External Influence of Sphere Definition
674 Uncontrolled Recursion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
675 Duplicate Operations on Resource
  • COM.BSTR.ALLOC double_free
  • LOCK double_lock
  • USE_AFTER_FREE double_free
  • LOCK double_lock
  • USE_AFTER_FREE double_free
  • LOCK double_lock
  • LOCK double_lock
  • USE_AFTER_FREE double_free
676 Use of Potentially Dangerous Function
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • SECURE_CODING none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • SECURE_CODING none
  • DC.DANGEROUS none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • SECURE_CODING none
677 Weakness Base Elements
678 Composites
679 DEPRECATED: Chain Elements
680 Integer Overflow to Buffer Overflow
681 Incorrect Conversion between Numeric Types
  • CHAR_IO none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • SIGN_EXTENSION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • CHAR_IO none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • SIGN_EXTENSION none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • CHAR_IO none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • SIGN_EXTENSION none
682 Incorrect Calculation
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • COM.BSTR.CONV none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • OVERFLOW_BEFORE_WIDEN none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • OVERFLOW_BEFORE_WIDEN none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • OVERFLOW_BEFORE_WIDEN none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • OVERFLOW_BEFORE_WIDEN none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
683 Function Call With Incorrect Order of Arguments
  • SWAPPED_ARGUMENTS none
  • SWAPPED_ARGUMENTS none
  • SWAPPED_ARGUMENTS none
  • SWAPPED_ARGUMENTS none
  • SWAPPED_ARGUMENTS none
  • SWAPPED_ARGUMENTS none
684 Incorrect Provision of Specified Functionality
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_DOH none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
685 Function Call With Incorrect Number of Arguments
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS missing_printf_arg
686 Function Call With Incorrect Argument Type
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
687 Function Call With Incorrectly Specified Argument Value
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS critical_argument
688 Function Call With Incorrect Variable or Reference as Argument
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
689 Permission Race Condition During Resource Copy
690 Unchecked Return Value to NULL Pointer Dereference
691 Insufficient Control Flow Management
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • GUARDED_BY_VIOLATION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • STRAY_SEMICOLON none
  • UNKNOWN_LANGUAGE_INJECTION none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ATOMICITY none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISSING_BREAK none
  • MISSING_LOCK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • ORDER_REVERSAL none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • SIZEOF_MISMATCH missing_parentheses
  • SLEEP none
  • STRAY_SEMICOLON none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • XPATH_INJECTION none
  • ATOMICITY none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISSING_BREAK none
  • MISSING_LOCK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • ORDER_REVERSAL none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • SIZEOF_MISMATCH missing_parentheses
  • SLEEP none
  • STRAY_SEMICOLON none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • GUARDED_BY_VIOLATION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • SLEEP none
  • TEMPLATE_INJECTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • ATOMICITY none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DM_EXIT none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RU_INVOKE_RUN none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • STRAY_SEMICOLON none
  • UNKNOWN_LANGUAGE_INJECTION none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • STRAY_SEMICOLON none
  • TEMPLATE_INJECTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ATOMICITY none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISSING_BREAK none
  • MISSING_LOCK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • ORDER_REVERSAL none
  • SIZEOF_MISMATCH missing_parentheses
  • SLEEP none
  • STRAY_SEMICOLON none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • STRAY_SEMICOLON none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • STRAY_SEMICOLON none
  • TEMPLATE_INJECTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK_EVASION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
692 Incomplete Denylist to Cross-Site Scripting
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
693 Protection Mechanism Failure
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSUFFICIENT_LOGGING logging_obligation
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • CSRF database_update
  • CSRF none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
694 Use of Multiple Resources with Duplicate Identifier
695 Use of Low-Level Functionality
696 Incorrect Behavior Order
697 Incorrect Comparison
  • BAD_EQ referential
  • BAD_COMPARE string_lit_comparison
  • BAD_COMPARE string_lit_comparison
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • REGEX_CONFUSION none
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • BAD_COMPARE string_lit_comparison
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
698 Execution After Redirect (EAR)
699 Software Development
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • STRAY_SEMICOLON none
  • SWAPPED_ARGUMENTS none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USELESS_CALL none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • AUTOSAR C++14 M0-1-1 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FLOATING_POINT_EQUALITY none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 0-1-1 none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA C-2004 Rule 8.7 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USELESS_CALL none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • AUTOSAR C++14 M0-1-1 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 0-1-1 none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA C-2004 Rule 8.7 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USELESS_CALL none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DUPLICATE_SERVLET_DEFINITION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_DOH none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IMPLICIT_INTENT none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • STRAY_SEMICOLON none
  • SWAPPED_ARGUMENTS none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USELESS_CALL none
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USELESS_CALL none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • SYMFONY_EL_INJECTION none
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CSRF database_update
  • CSRF none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CALL_SUPER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
700 Seven Pernicious Kingdoms
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • ENUM_AS_BOOLEAN none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • ENUM_AS_BOOLEAN none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_DOH none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RU_INVOKE_RUN none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • ENUM_AS_BOOLEAN none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • COPY_PASTE_ERROR none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DEADCODE none
  • DEADCODE redundant_test
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PARSE_ERROR none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • PW.* none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • UNEXPECTED_CONTROL_FLOW useless_defer
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CALL_SUPER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
701 Weaknesses Introduced During Design
702 Weaknesses Introduced During Implementation
703 Improper Check or Handling of Exceptional Conditions
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • MISSING_THROW none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
704 Incorrect Type Conversion or Cast
  • CHAR_IO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • SIGN_EXTENSION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • CHAR_IO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • SIGN_EXTENSION none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • CHAR_IO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • SIGN_EXTENSION none
  • SQLI sql_injection_dynamic_finder_med
705 Incorrect Control Flow Scoping
  • UNCAUGHT_EXCEPT none
  • UNCAUGHT_EXCEPT none
  • FB.DM_EXIT none
  • FB.REC_CATCH_EXCEPTION none
  • UNCAUGHT_EXCEPT none
706 Use of Incorrectly-Resolved Name or Reference
  • PATH_MANIPULATION none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • JSP_DYNAMIC_INCLUDE none
  • PATH_MANIPULATION none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
707 Improper Neutralization
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
708 Incorrect Ownership Assignment
709 Named Chains
710 Improper Adherence to Coding Standards
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • CALL_SUPER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • LOCK_INVERSION none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SWAPPED_ARGUMENTS none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HFA none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • PASS_BY_VALUE none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SECURE_CODING none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • STACK_USE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • PASS_BY_VALUE none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SECURE_CODING none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • STACK_USE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • XML_EXTERNAL_ENTITY entity_expansion
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_DOH none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_USELESS none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_HTTP_FIREWALL spring_security
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • LOCK_INVERSION none
  • MISSING_BREAK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • ORM_LOAD_NULL_CHECK none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SWAPPED_ARGUMENTS none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • PASS_BY_VALUE none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SECURE_CODING none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • STACK_USE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • NOSQL_QUERY_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • PARSE_ERROR none
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING session_secret_hi
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • REVERSE_INULL none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • PROPERTY_MIXUP none
  • PW.* none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • UNEXPECTED_CONTROL_FLOW useless_defer
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • CALL_SUPER none
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NULL_RETURNS none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SWAPPED_ARGUMENTS none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
711 Weaknesses in OWASP Top Ten (2004)
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_THROW none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE comparator_misuse
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK lock_assert
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE comparator_misuse
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK lock_assert
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • LOCK lock_assert
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER finalize
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DUPLICATE_SERVLET_DEFINITION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • FB.BC_NULL_INSTANCEOF none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DM_EXIT none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE comparator_misuse
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK lock_assert
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • CSRF database_update
  • CSRF none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • WEAK_BIOMETRIC_AUTH none
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
712 OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
713 OWASP Top Ten 2007 Category A2 - Injection Flaws
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • HEADER_INJECTION none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
714 OWASP Top Ten 2007 Category A3 - Malicious File Execution
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SCRIPT_CODE_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • PATH_MANIPULATION none
  • SQLI none
  • PATH_MANIPULATION none
  • SQLI none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • PATH_MANIPULATION none
  • SQLI none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
716 OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF)
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CSRF database_update
  • CSRF none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
717 OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION unencrypted_connection
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
718 OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING session_secret_hi
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COOKIE dotnet
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • DISABLED_ENCRYPTION text_encryptor
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION none
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
720 OWASP Top Ten 2007 Category A9 - Insecure Communications
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COOKIE dotnet
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • DISABLED_ENCRYPTION text_encryptor
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION none
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO hashing
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • IMPLICIT_INTENT none
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • IMPLICIT_INTENT none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
722 OWASP Top Ten 2004 Category A1 - Unvalidated Input
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
723 OWASP Top Ten 2004 Category A2 - Broken Access Control
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MOBILE_ID_MISUSE none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CSRF database_update
  • CSRF none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
726 OWASP Top Ten 2004 Category A5 - Buffer Overflows
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
727 OWASP Top Ten 2004 Category A6 - Injection Flaws
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
728 OWASP Top Ten 2004 Category A7 - Improper Error Handling
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK lock_assert
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK lock_assert
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • LOCK lock_assert
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • MISSING_THROW none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK lock_assert
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
729 OWASP Top Ten 2004 Category A8 - Insecure Storage
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COOKIE dotnet
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • DISABLED_ENCRYPTION text_encryptor
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
730 OWASP Top Ten 2004 Category A9 - Denial of Service
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PW.DIVIDE_BY_ZERO none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK no_null_terminator
  • STACK_USE none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR divisor
  • UNCAUGHT_EXCEPT none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PW.DIVIDE_BY_ZERO none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK no_null_terminator
  • STACK_USE none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR divisor
  • UNCAUGHT_EXCEPT none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • XML_EXTERNAL_ENTITY entity_expansion
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BC_NULL_INSTANCEOF none
  • FB.DM_EXIT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NULL_RETURNS none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • XML_EXTERNAL_ENTITY entity_expansion
  • BAD_CERT_VERIFICATION bad_revocation_check
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK no_null_terminator
  • STACK_USE none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR divisor
  • UNCAUGHT_EXCEPT none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • FORWARD_NULL bad_null_value_use
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • FORWARD_NULL bad_null_value_use
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NULL_RETURNS none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • XML_EXTERNAL_ENTITY entity_expansion
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • INSECURE_COOKIE dotnet
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUTOSAR C++14 A15-3-3 none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUTOSAR C++14 A15-3-3 none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER finalize
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DUPLICATE_SERVLET_DEFINITION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_HTTP_FIREWALL spring_security
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • INSECURE_COOKIE missing_httponly_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
732 Incorrect Permission Assignment for Critical Resource
  • INSECURE_COOKIE dotnet
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_COOKIE missing_httponly_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
733 Compiler Optimization Removal or Modification of Security-critical Code
734 Weaknesses Addressed by the CERT C Secure Coding Standard (2008)
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XSS none
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER finalize
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_DOH none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MOBILE_ID_MISUSE none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNREACHABLE none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTIFIER_TYPO none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNREACHABLE none
  • UNSAFE_REFLECTION none
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTIFIER_TYPO none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE missing_httponly_low
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNREACHABLE none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
735 CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_DOH none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
736 CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE none
  • NEGATIVE_RETURNS critical_argument
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE none
  • NEGATIVE_RETURNS critical_argument
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • SWAPPED_ARGUMENTS none
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • BAD_COMPARE none
  • NEGATIVE_RETURNS critical_argument
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • SWAPPED_ARGUMENTS none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • SWAPPED_ARGUMENTS none
737 CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • REVERSE_INULL none
  • SIGN_EXTENSION none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SWAPPED_ARGUMENTS none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • REVERSE_INULL none
  • SIGN_EXTENSION none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SWAPPED_ARGUMENTS none
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • FB.BC_NULL_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SWAPPED_ARGUMENTS none
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • EXPLICIT_THIS_EXPECTED none
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • NULL_RETURNS none
  • REVERSE_INULL none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • REVERSE_INULL none
  • SIGN_EXTENSION none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SWAPPED_ARGUMENTS none
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • REVERSE_INULL none
  • SQLI sql_injection_dynamic_finder_med
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • EXPLICIT_THIS_EXPECTED none
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • NULL_RETURNS none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • REVERSE_INULL none
  • SWAPPED_ARGUMENTS none
738 CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • DC.DANGEROUS none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
739 CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP)
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • COM.BSTR.CONV none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS invalid_type_printf_arg
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • OVERFLOW_BEFORE_WIDEN none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
740 CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.BRANCH_PAST_INITIALIZATION none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.BRANCH_PAST_INITIALIZATION none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • NO_EFFECT self_assign
  • NO_EFFECT self_assign
  • NO_EFFECT self_assign
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
741 CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • READLINK none
  • REVERSE_NEGATIVE critical_argument
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • READLINK none
  • REVERSE_NEGATIVE critical_argument
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PRINTF_ARGS invalid_type_printf_arg
  • READLINK none
  • REVERSE_NEGATIVE critical_argument
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • SQLI sql_injection_dynamic_finder_med
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
742 CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • READLINK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • READLINK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • EL_INJECTION none
  • FB.BC_NULL_INSTANCEOF none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HEADER_INJECTION none
  • IDENTIFIER_TYPO none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • FORWARD_NULL bad_null_value_use
  • HEADER_INJECTION none
  • IDENTIFIER_TYPO none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HEADER_INJECTION none
  • IDENTIFIER_TYPO none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
743 CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • GUARDED_BY_VIOLATION none
  • INSECURE_COOKIE dotnet
  • NON_STATIC_GUARDING_STATIC none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • DC.DANGEROUS none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JSP_DYNAMIC_INCLUDE none
  • NON_STATIC_GUARDING_STATIC none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_type_printf_arg
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • INSECURE_COOKIE missing_httponly_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
744 CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • FB.DM_EXIT none
  • FB.REC_CATCH_EXCEPTION none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
745 CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • ATOMICITY none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • ATOMICITY none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.RU_INVOKE_RUN none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • LOCK_EVASION none
746 CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • DC.DANGEROUS none
  • EL_INJECTION none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DM_EXIT none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.REC_CATCH_EXCEPTION none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
747 CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • EL_INJECTION none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MOBILE_ID_MISUSE none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNREACHABLE none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNREACHABLE none
  • UNSAFE_REFLECTION none
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • HARDCODED_CREDENTIALS secret_in_source_med
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING session_secret_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • OVERFLOW_BEFORE_WIDEN none
  • UNREACHABLE none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNREACHABLE none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
748 CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)
  • GUARDED_BY_VIOLATION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • READLINK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SIZECHECK no_null_terminator
  • SLEEP none
  • STRING_NULL none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • READLINK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SIZECHECK no_null_terminator
  • SLEEP none
  • STRING_NULL none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • PRINTF_ARGS invalid_type_printf_arg
  • READLINK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SIZECHECK no_null_terminator
  • SLEEP none
  • STRING_NULL none
749 Exposed Dangerous Method or Function
750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MOBILE_ID_MISUSE none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • CSRF database_update
  • CSRF none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
751 2009 Top 25 - Insecure Interaction Between Components
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • GUARDED_BY_VIOLATION none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • GUARDED_BY_VIOLATION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • COOKIE_INJECTION none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION insecure_connection
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • CSRF database_update
  • CSRF none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • COOKIE_INJECTION none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION insecure_connection
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
CWE-752: 2009 Top 25 - Risky Resource Management
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • NOSQL_QUERY_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • NOSQL_QUERY_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • NO_EFFECT self_assign
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNRESTRICTED_DISPATCH none
  • XPATH_INJECTION none
CWE-753: 2009 Top 25 - Porous Defenses
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IMPLICIT_INTENT none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IMPLICIT_INTENT none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
754 Improper Check for Unusual or Exceptional Conditions
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • ORM_LOAD_NULL_CHECK none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
755 Improper Handling of Exceptional Conditions
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • FB.REC_CATCH_EXCEPTION none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
756 Missing Custom Error Page
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
759 Use of a One-Way Hash without a Salt
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_no_salt
760 Use of a One-Way Hash with a Predictable Salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • INSECURE_SALT hardcoded
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • INSECURE_SALT hardcoded
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
761 Free of Pointer not at Start of Buffer
762 Mismatched Memory Management Routines
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.BAD_FREE none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
763 Release of Invalid Pointer or Reference
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.BAD_FREE none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
764 Multiple Locks of a Critical Resource
  • LOCK double_lock
  • LOCK double_lock
  • LOCK double_lock
  • LOCK double_lock
765 Multiple Unlocks of a Critical Resource
766 Critical Data Element Declared Public
767 Access to Critical Private Variable via Public Method
768 Incorrect Short Circuit Evaluation
769 DEPRECATED: Uncontrolled File Descriptor Consumption
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK fds_handles
770 Allocation of Resources Without Limits or Throttling
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR allocation
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • TAINTED_SCALAR allocation
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
771 Missing Reference to Active Allocated Resource
772 Missing Release of Resource after Effective Lifetime
  • COM.ADDROF_LEAK none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
773 Missing Reference to Active File Descriptor or Handle
774 Allocation of File Descriptors or Handles Without Limits or Throttling
775 Missing Release of File Descriptor or Handle after Effective Lifetime
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK fds_handles
776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
777 Regular Expression without Anchors
  • REGEX_MISSING_ANCHOR validation_regex_hi
778 Insufficient Logging
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_LOGGING logging_obligation
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
779 Logging of Excessive Data
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
780 Use of RSA Algorithm without OAEP
781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
782 Exposed IOCTL with Insufficient Access Control
783 Operator Precedence Logic Error
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • BAD_COMPARE misuse_of_not
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • SIZEOF_MISMATCH missing_parentheses
  • BAD_COMPARE misuse_of_not
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • SIZEOF_MISMATCH missing_parentheses
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • BAD_COMPARE misuse_of_not
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • SIZEOF_MISMATCH missing_parentheses
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
785 Use of Path Manipulation Function without Maximum-sized Buffer
786 Access of Memory Location Before Start of Buffer
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
787 Out-of-bounds Write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
788 Access of Memory Location After End of Buffer
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
789 Uncontrolled Memory Allocation
790 Improper Filtering of Special Elements
791 Incomplete Filtering of Special Elements
792 Incomplete Filtering of One or More Instances of Special Elements
793 Only Filtering One Instance of a Special Element
794 Incomplete Filtering of Multiple Instances of Special Elements
795 Only Filtering Special Elements at a Specified Location
796 Only Filtering Special Elements Relative to a Marker
797 Only Filtering Special Elements at an Absolute Position
798 Use of Hard-coded Credentials
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS secret_in_source_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
799 Improper Control of Interaction Frequency
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_AUTHZ none
  • NON_STATIC_GUARDING_STATIC none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XSS none
  • XSS stored_xss
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • FB.BC_NULL_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MOBILE_ID_MISUSE none
  • NON_STATIC_GUARDING_STATIC none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF database_update
  • CSRF none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • CONFIG.ATS_INSECURE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XSS none
  • XSS stored_xss
801 2010 Top 25 - Insecure Interaction Between Components
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • GUARDED_BY_VIOLATION none
  • NON_STATIC_GUARDING_STATIC none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XSS none
  • XSS stored_xss
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_LOCK none
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_LOCK none
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • GUARDED_BY_VIOLATION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • JSP_SQL_INJECTION none
  • NON_STATIC_GUARDING_STATIC none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • MISSING_LOCK none
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF database_update
  • CSRF none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XSS none
  • XSS stored_xss
802 2010 Top 25 - Risky Resource Management
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • PATH_MANIPULATION none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • JSP_DYNAMIC_INCLUDE none
  • ORM_LOAD_NULL_CHECK none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
803 2010 Top 25 - Porous Defenses
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • ANDROID_CAPABILITY_LEAK none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
804 Guessable CAPTCHA
805 Buffer Access with Incorrect Length Value
806 Buffer Access Using Size of Source Buffer
807 Reliance on Untrusted Inputs in a Security Decision
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
808 2010 Top 25 - Weaknesses On the Cusp
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • CHAR_IO none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SIGN_EXTENSION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • CHAR_IO none
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SIGN_EXTENSION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REVERSE_INULL none
  • USE_AFTER_FREE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • NULL_RETURNS none
  • REVERSE_INULL none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • CHAR_IO none
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SIGN_EXTENSION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • REVERSE_INULL none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • NULL_RETURNS none
  • REVERSE_INULL none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • NULL_RETURNS none
  • REVERSE_INULL none
809 Weaknesses in OWASP Top Ten (2010)
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • AUTOSAR C++14 A15-3-3 none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISRA C++-2008 Rule 15-3-2 none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • AUTOSAR C++14 A15-3-3 none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • MISRA C++-2008 Rule 15-3-2 none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • URL_MANIPULATION none
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF database_update
  • CSRF none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONFIG.ATS_INSECURE none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
810 OWASP Top Ten 2010 Category A1 - Injection
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • HEADER_INJECTION none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
811 OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS)
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
812 OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING session_secret_hi
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
813 OWASP Top Ten 2010 Category A4 - Insecure Direct Object References
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • PATH_MANIPULATION none
  • SQLI none
  • URL_MANIPULATION none
  • PATH_MANIPULATION none
  • SQLI none
  • URL_MANIPULATION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • JAVA_CODE_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • PATH_MANIPULATION none
  • SQLI none
  • URL_MANIPULATION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_EXTERNAL_ENTITY unrestricted_dtds
814 OWASP Top Ten 2010 Category A5 - Cross-Site Request Forgery(CSRF)
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CSRF database_update
  • CSRF none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
815 OWASP Top Ten 2010 Category A6 - Security Misconfiguration
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • INSECURE_COOKIE dotnet
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • EXPOSED_PREFERENCES none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • INSECURE_COOKIE missing_httponly_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
816 OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COOKIE dotnet
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • DISABLED_ENCRYPTION text_encryptor
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
817 OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • IMPLICIT_INTENT none
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • IMPLICIT_INTENT none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
818 OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COOKIE dotnet
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • DISABLED_ENCRYPTION text_encryptor
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
819 OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards
  • OPEN_REDIRECT none
  • OPEN_REDIRECT none
  • OPEN_REDIRECT none
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • OPEN_REDIRECT none
  • OPEN_REDIRECT none
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • OPEN_REDIRECT none
820 Missing Synchronization
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • NON_STATIC_GUARDING_STATIC none
  • MISSING_LOCK none
  • MISSING_LOCK none
  • GUARDED_BY_VIOLATION none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • MISSING_LOCK none
  • LOCK_EVASION none
821 Incorrect Synchronization
  • FB.RU_INVOKE_RUN none
822 Untrusted Pointer Dereference
823 Use of Out-of-range Pointer Offset
824 Access of Uninitialized Pointer
825 Expired Pointer Dereference
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
826 Premature Release of Resource During Expected Lifetime
827 Improper Control of Document Type Definition
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY unrestricted_dtds
828 Signal Handler with Functionality that is not Asynchronous-Safe
829 Inclusion of Functionality from Untrusted Control Sphere
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • JAVA_CODE_INJECTION none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • MISSING_IFRAME_SANDBOX none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • MISSING_IFRAME_SANDBOX none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
830 Inclusion of Web Functionality from an Untrusted Source
831 Signal Handler Function Associated with Multiple Signals
832 Unlock of a Resource that is not Locked
833 Deadlock
  • LOCK_INVERSION none
  • ORDER_REVERSAL none
  • ORDER_REVERSAL none
  • LOCK_INVERSION none
  • DC.DEADLOCK none
  • LOCK_INVERSION none
  • ORDER_REVERSAL none
834 Excessive Iteration
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • XML_EXTERNAL_ENTITY entity_expansion
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • XML_EXTERNAL_ENTITY entity_expansion
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
835 Loop with Unreachable Exit Condition ('Infinite Loop')
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
836 Use of Password Hash Instead of Password for Authentication
837 Improper Enforcement of a Single, Unique Action
838 Inappropriate Encoding for Output Context
839 Numeric Range Comparison Without Minimum Check
840 Business Logic Errors
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION unencrypted_connection
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • IMPLICIT_INTENT none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
841 Improper Enforcement of Behavioral Workflow
842 Placement of User into Incorrect Group
843 Access of Resource Using Incompatible Type ('Type Confusion')
844 Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)
  • BAD_EQ referential
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC leak
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK no_null_terminator
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK no_null_terminator
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • ATOMICITY none
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DC.DEADLOCK none
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK no_null_terminator
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTIFIER_TYPO none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XSS none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTIFIER_TYPO none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • NO_EFFECT self_assign
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • CALL_SUPER none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
845 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS)
  • BAD_EQ referential
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • EL_INJECTION none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
846 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL)
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • NO_EFFECT self_assign
  • NO_EFFECT self_assign
  • NO_EFFECT self_assign
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
847 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)
  • BAD_EQ referential
  • BAD_COMPARE string_lit_comparison
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • BAD_COMPARE string_lit_comparison
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • BAD_COMPARE string_lit_comparison
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
848 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM)
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • PW.DIVIDE_BY_ZERO none
  • SIGN_EXTENSION none
  • TAINTED_SCALAR divisor
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • PW.DIVIDE_BY_ZERO none
  • SIGN_EXTENSION none
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • SIGN_EXTENSION none
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
849 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ)
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.MS_CANNOT_BE_FINAL none
850 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)
  • CALL_SUPER none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.BSTR.ALLOC double_free
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • LOCK double_lock
  • LOCK lock_assert
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • ORM_LOAD_NULL_CHECK none
  • SWAPPED_ARGUMENTS none
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • SWAPPED_ARGUMENTS none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • CALL_SUPER none
  • SWAPPED_ARGUMENTS none
851 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DM_EXIT none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • MISSING_THROW none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
852 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • TOCTOU none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • TOCTOU none
  • ATOMICITY none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • ATOMICITY none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.RU_INVOKE_RUN none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • TOCTOU none
  • LOCK_EVASION none
853 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • LOCK_EVASION none
854 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI)
  • UNCAUGHT_EXCEPT none
  • UNCAUGHT_EXCEPT none
  • FB.DM_EXIT none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RU_INVOKE_RUN none
  • UNCAUGHT_EXCEPT none
855 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
856 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)
857 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
  • INSECURE_COOKIE dotnet
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC leak
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XML_EXTERNAL_ENTITY entity_expansion
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • DISABLED_ENCRYPTION text_encryptor
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION unencrypted_connection
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • XML_EXTERNAL_ENTITY entity_expansion
  • BAD_CERT_VERIFICATION bad_revocation_check
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • INSECURE_COOKIE missing_httponly_low
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • XML_EXTERNAL_ENTITY entity_expansion
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
858 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • COM.ADDROF_LEAK none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • DISABLED_ENCRYPTION text_encryptor
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNSAFE_DESERIALIZATION none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • INSECURE_COMMUNICATION insecure_connection
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • INSECURE_COMMUNICATION insecure_connection
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_DESERIALIZATION none
859 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)
  • INSECURE_COOKIE dotnet
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNSAFE_NAMED_QUERY none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • DISABLED_ENCRYPTION text_encryptor
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • JSP_DYNAMIC_INCLUDE none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • INSECURE_COMMUNICATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_REFLECTION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • INSECURE_COOKIE missing_httponly_low
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_NAMED_QUERY none
860 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)
  • INSECURE_COOKIE dotnet
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_COOKIE missing_httponly_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
861 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LOCK_EVASION none
  • NON_STATIC_GUARDING_STATIC none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • COM.ADDROF_LEAK none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • CTOR_DTOR_LEAK none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • DISABLED_ENCRYPTION text_encryptor
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • LOCK_EVASION none
  • MOBILE_ID_MISUSE none
  • NON_STATIC_GUARDING_STATIC none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SINGLETON_RACE none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • CTOR_DTOR_LEAK none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LOCK_EVASION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
862 Missing Authorization
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • JSP_SQL_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
863 Incorrect Authorization
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
864 2011 Top 25 - Insecure Interaction Between Components
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
  • OS_CMD_INJECTION none
  • SQLI none
  • OS_CMD_INJECTION none
  • SQLI none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • JAVA_CODE_INJECTION none
  • JSP_SQL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • MISSING_IFRAME_SANDBOX none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_TABNABBING react_target_blank
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • OS_CMD_INJECTION none
  • SQLI none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF database_update
  • CSRF none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • MISSING_IFRAME_SANDBOX none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_TABNABBING react_target_blank
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
865 2011 Top 25 - Risky Resource Management
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • BAD_ALLOC_STRLEN none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SECURE_CODING none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • BAD_ALLOC_STRLEN none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SECURE_CODING none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • PATH_MANIPULATION none
  • DC.DANGEROUS none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • JSP_DYNAMIC_INCLUDE none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • BAD_ALLOC_STRLEN none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • SECURE_CODING none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
866 2011 Top 25 - Porous Defenses
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_SALT hardcoded
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
867 2011 Top 25 - Weaknesses On the Cusp
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • NON_STATIC_GUARDING_STATIC none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SIGN_EXTENSION none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SIGN_EXTENSION none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • NON_STATIC_GUARDING_STATIC none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORM_LOAD_NULL_CHECK none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NULL_RETURNS none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • BAD_COMPARE comparator_misuse
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SIGN_EXTENSION none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NULL_RETURNS none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • NULL_RETURNS none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
868 Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_THROW none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XSS none
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNREACHABLE none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_type_printf_arg
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNREACHABLE none
  • UNSAFE_REFLECTION none
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNREACHABLE none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
869 CERT C++ Secure Coding Section 01 - Preprocessor (PRE)
870 CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL)
871 CERT C++ Secure Coding Section 03 - Expressions (EXP)
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • REVERSE_INULL none
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FB.BC_NULL_INSTANCEOF none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • REVERSE_INULL none
872 CERT C++ Secure Coding Section 04 - Integers (INT)
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • DC.DANGEROUS none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
873 CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP)
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • COM.BSTR.CONV none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS invalid_type_printf_arg
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • OVERFLOW_BEFORE_WIDEN none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
874 CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR)
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.BRANCH_PAST_INITIALIZATION none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.BRANCH_PAST_INITIALIZATION none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • NO_EFFECT self_assign
  • NO_EFFECT self_assign
  • NO_EFFECT self_assign
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
875 CERT C++ Secure Coding Section 07 - Characters and Strings (STR)
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • READLINK none
  • REVERSE_NEGATIVE critical_argument
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PRINTF_ARGS invalid_type_printf_arg
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • READLINK none
  • REVERSE_NEGATIVE critical_argument
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PRINTF_ARGS invalid_type_printf_arg
  • READLINK none
  • REVERSE_NEGATIVE critical_argument
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • SQLI sql_injection_dynamic_finder_med
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
876 CERT C++ Secure Coding Section 08 - Memory Management (MEM)
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_THROW none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • EL_INJECTION none
  • FB.BC_NULL_INSTANCEOF none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_THROW none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • FORWARD_NULL bad_null_value_use
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • FORWARD_NULL bad_null_value_use
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • FORWARD_NULL bad_null_value_use
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
877 CERT C++ Secure Coding Section 09 - Input Output (FIO)
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • GUARDED_BY_VIOLATION none
  • INSECURE_COOKIE dotnet
  • NON_STATIC_GUARDING_STATIC none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNRESTRICTED_DISPATCH none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • DC.DANGEROUS none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JSP_DYNAMIC_INCLUDE none
  • NON_STATIC_GUARDING_STATIC none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNRESTRICTED_DISPATCH none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • INSECURE_COOKIE missing_httponly_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNRESTRICTED_DISPATCH none
878 CERT C++ Secure Coding Section 10 - Environment (ENV)
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • FB.DM_EXIT none
  • FB.REC_CATCH_EXCEPTION none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
879 CERT C++ Secure Coding Section 11 - Signals (SIG)
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • ATOMICITY none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • ATOMICITY none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.RU_INVOKE_RUN none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • LOCK_EVASION none
880 CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR)
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DM_EXIT none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • MISSING_THROW none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
881 CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP)
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CALL_SUPER clone
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.MS_CANNOT_BE_FINAL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • TRUST_BOUNDARY_VIOLATION none
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
882 CERT C++ Secure Coding Section 14 - Concurrency (CON)
  • GUARDED_BY_VIOLATION none
  • NON_STATIC_GUARDING_STATIC none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • MISSING_LOCK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TOCTOU none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • MISSING_LOCK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TOCTOU none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • GUARDED_BY_VIOLATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • NON_STATIC_GUARDING_STATIC none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • BAD_CERT_VERIFICATION bad_revocation_check
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • MISSING_LOCK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TOCTOU none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
883 CERT C++ Secure Coding Section 49 - Miscellaneous (MSC)
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • EL_INJECTION none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MOBILE_ID_MISUSE none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNREACHABLE none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNREACHABLE none
  • UNSAFE_REFLECTION none
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • HARDCODED_CREDENTIALS secret_in_source_med
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • OVERFLOW_BEFORE_WIDEN none
  • UNREACHABLE none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNREACHABLE none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
884 CWE Cross-section
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_THROW none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_THROW none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CSRF database_update
  • CSRF none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
885 SFP Primary Cluster: Risky Values
  • BAD_EQ_TYPES none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • OVERFLOW_BEFORE_WIDEN none
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SIGN_EXTENSION none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR divisor
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SIGN_EXTENSION none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR divisor
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • OVERFLOW_BEFORE_WIDEN none
  • SWAPPED_ARGUMENTS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SIGN_EXTENSION none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR divisor
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • IDENTIFIER_TYPO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • IDENTIFIER_TYPO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • IDENTIFIER_TYPO none
  • SQLI sql_injection_dynamic_finder_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • OVERFLOW_BEFORE_WIDEN none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • SWAPPED_ARGUMENTS none
886 SFP Primary Cluster: Unused entities
  • BAD_EQ_TYPES none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
887 SFP Primary Cluster: API
  • CALL_SUPER none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.BSTR.ALLOC double_free
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SECURE_CODING none
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SECURE_CODING none
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • LOCK double_lock
  • LOCK lock_assert
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HTTP_VERB_TAMPERING none
  • DC.DANGEROUS none
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_DOH none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_USELESS none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.RU_INVOKE_RUN none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • INSECURE_HTTP_FIREWALL spring_security
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • ORM_LOAD_NULL_CHECK none
  • SWAPPED_ARGUMENTS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • SECURE_CODING none
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • CALL_SUPER none
  • SWAPPED_ARGUMENTS none
888 Software Fault Pattern (SFP) Clusters
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • STRAY_SEMICOLON none
  • SWAPPED_ARGUMENTS none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HFA none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_DOH none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IMPLICIT_INTENT none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • PROPERTY_MIXUP none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • STRAY_SEMICOLON none
  • SWAPPED_ARGUMENTS none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • SYMFONY_EL_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • COPY_PASTE_ERROR none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PARSE_ERROR none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • PW.* none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • UNEXPECTED_CONTROL_FLOW useless_defer
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CALL_SUPER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
889 SFP Primary Cluster: Exception Management
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_BREAK none
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_BREAK none
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • MISSING_BREAK none
  • MISSING_THROW none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISSING_BREAK none
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • MISSING_BREAK none
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
890 SFP Primary Cluster: Memory Access
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • READLINK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • READLINK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FB.BC_NULL_INSTANCEOF none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • READLINK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • FORWARD_NULL bad_null_value_use
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • REVERSE_INULL none
891 SFP Primary Cluster: Memory Management
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • USE_AFTER_FREE double_free
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • USE_AFTER_FREE double_free
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • USE_AFTER_FREE double_free
892 SFP Primary Cluster: Resource Management
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_AUTHZ none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DC.DEADLOCK none
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RU_INVOKE_RUN none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_dynamic_finder_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • NO_EFFECT self_assign
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LOCK_EVASION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
893 SFP Primary Cluster: Path Resolution
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CHROOT none
  • PATH_MANIPULATION none
  • URL_MANIPULATION none
  • CHROOT none
  • PATH_MANIPULATION none
  • URL_MANIPULATION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • HEADER_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REVERSE_TABNABBING react_target_blank
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • PATH_MANIPULATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CHROOT none
  • PATH_MANIPULATION none
  • URL_MANIPULATION none
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • PATH_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REVERSE_TABNABBING react_target_blank
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
894 SFP Primary Cluster: Synchronization
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • TOCTOU none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • TOCTOU none
  • ATOMICITY none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • ATOMICITY none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.RU_INVOKE_RUN none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • TOCTOU none
  • LOCK_EVASION none
895 SFP Primary Cluster: Information Leak
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COOKIE dotnet
  • LOG_INJECTION none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • MISRA C++-2008 Rule 15-3-2 none
  • PATH_MANIPULATION none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • MISRA C++-2008 Rule 15-3-2 none
  • PATH_MANIPULATION none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • ANDROID_DEBUG_MODE none
  • CALL_SUPER clone
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • LOG_INJECTION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • CONFIG.ATS_INSECURE none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • LOG_INJECTION none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
896 SFP Primary Cluster: Tainted Input
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
897 SFP Primary Cluster: Entry Points
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.MS_CANNOT_BE_FINAL none
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
898 SFP Primary Cluster: Authentication
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CSRF database_update
  • CSRF none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING session_secret_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
899 SFP Primary Cluster: Access Control
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
900 Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_AUTHZ none
  • NON_STATIC_GUARDING_STATIC none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • XSS none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DC.DANGEROUS none
  • DISABLED_ENCRYPTION text_encryptor
  • FB.BC_NULL_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MOBILE_ID_MISUSE none
  • NON_STATIC_GUARDING_STATIC none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF database_update
  • CSRF none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • CONFIG.ATS_INSECURE none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
901 SFP Primary Cluster: Privilege
902 SFP Primary Cluster: Channel
  • RISKY_CRYPTO ssl_protocol
  • XSS none
  • XSS stored_xss
  • INCOMPATIBLE_CAST endianness
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • INCOMPATIBLE_CAST endianness
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • XSS none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • INSECURE_HTTP_FIREWALL spring_security
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • INCOMPATIBLE_CAST endianness
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XSS none
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • RISKY_CRYPTO ssl_protocol
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • RISKY_CRYPTO ssl_protocol
  • XSS none
  • XSS stored_xss
903 SFP Primary Cluster: Cryptography
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
904 SFP Primary Cluster: Malware
905 SFP Primary Cluster: Predictability
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS secret_in_source_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
906 SFP Primary Cluster: UI
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • FB.REC_CATCH_EXCEPTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_LOGGING logging_obligation
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
907 SFP Primary Cluster: Other
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • STRAY_SEMICOLON none
  • SWAPPED_ARGUMENTS none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HFA none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_DOH none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_USELESS none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IMPLICIT_INTENT none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • STRAY_SEMICOLON none
  • SWAPPED_ARGUMENTS none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • SYMFONY_EL_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XSS none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • COPY_PASTE_ERROR none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PARSE_ERROR none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • PW.* none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • UNEXPECTED_CONTROL_FLOW useless_defer
  • WEAK_BIOMETRIC_AUTH none
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • CALL_SUPER none
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
908 Use of Uninitialized Resource
909 Missing Initialization of Resource
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT bad_memset_zero_size
910 Use of Expired File Descriptor
911 Improper Update of Reference Count
912 Hidden Functionality
913 Improper Control of Dynamically-Managed Code Resources
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • XPATH_INJECTION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • NOSQL_QUERY_INJECTION none
  • TEMPLATE_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • XPATH_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XPATH_INJECTION none
914 Improper Control of Dynamically-Identified Variables
915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
916 Use of Password Hash With Insufficient Computational Effort
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • INSECURE_SALT hardcoded
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • INSECURE_SALT hardcoded
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
  • EL_INJECTION none
918 Server-Side Request Forgery (SSRF)
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • URL_MANIPULATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • URL_MANIPULATION none
  • URL_MANIPULATION none
919 Weaknesses in Mobile Applications
920 Improper Restriction of Power Consumption
921 Storage of Sensitive Data in a Mechanism without Access Control
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
922 Insecure Storage of Sensitive Information
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • LOCALSTORAGE_WRITE none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • HARDCODED_CREDENTIALS secret_in_source_med
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • LOCALSTORAGE_WRITE none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
923 Improper Restriction of Communication Channel to Intended Endpoints
  • RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO ssl_protocol
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • RISKY_CRYPTO ssl_protocol
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • RISKY_CRYPTO ssl_protocol
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • RISKY_CRYPTO ssl_protocol
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO ssl_protocol
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • RISKY_CRYPTO ssl_protocol
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO ssl_protocol
924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel
925 Improper Verification of Intent by Broadcast Receiver
926 Improper Export of Android Application Components
  • ANDROID_CAPABILITY_LEAK none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • ANDROID_CAPABILITY_LEAK none
927 Use of Implicit Intent for Sensitive Communication
  • IMPLICIT_INTENT none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • IMPLICIT_INTENT none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
928 Weaknesses in OWASP Top Ten (2013)
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • AUTOSAR C++14 A15-3-3 none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • MISRA C++-2008 Rule 15-3-2 none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • AUTOSAR C++14 A15-3-3 none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • MISRA C++-2008 Rule 15-3-2 none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.DUPLICATE_SERVLET_DEFINITION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • READLINK none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • CSRF database_update
  • CSRF none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1856_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
929 OWASP Top Ten 2013 Category A1 - Injection
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
930 OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
931 OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS)
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
932 OWASP Top Ten 2013 Category A4 - Insecure Direct Object References
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • PATH_MANIPULATION none
  • SQLI none
  • URL_MANIPULATION none
  • PATH_MANIPULATION none
  • SQLI none
  • URL_MANIPULATION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • PATH_MANIPULATION none
  • SQLI none
  • URL_MANIPULATION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_EXTERNAL_ENTITY unrestricted_dtds
933 OWASP Top Ten 2013 Category A5 - Security Misconfiguration
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • XSS none
  • XSS stored_xss
  • AUTOSAR C++14 A15-3-3 none
  • INCOMPATIBLE_CAST endianness
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUTOSAR C++14 A15-3-3 none
  • INCOMPATIBLE_CAST endianness
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XSS none
  • ANDROID_DEBUG_MODE none
  • CONFIG.DUPLICATE_SERVLET_DEFINITION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_HTTP_FIREWALL spring_security
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • DOM_XSS none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • ANDROID_DEBUG_MODE none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • INCOMPATIBLE_CAST endianness
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XSS none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XSS none
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • DOM_XSS none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XSS none
  • XSS stored_xss
934 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • DISABLED_ENCRYPTION text_encryptor
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
935 OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • ANDROID_CAPABILITY_LEAK none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
936 OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF)
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CSRF database_update
  • CSRF none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1856_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
938 OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards
  • OPEN_REDIRECT none
  • UNRESTRICTED_DISPATCH none
  • OPEN_REDIRECT none
  • OPEN_REDIRECT none
  • UNRESTRICTED_DISPATCH none
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • OPEN_REDIRECT none
  • OPEN_REDIRECT none
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • OPEN_REDIRECT none
  • UNRESTRICTED_DISPATCH none
939 Improper Authorization in Handler for Custom URL Scheme
940 Improper Verification of Source of a Communication Channel
941 Incorrectly Specified Destination in a Communication Channel
942 Permissive Cross-domain Policy with Untrusted Domains
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
943 Improper Neutralization of Special Elements in Data Query Logic
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XPATH_INJECTION none
  • SQLI none
  • XPATH_INJECTION none
  • SQLI none
  • XPATH_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XPATH_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • XPATH_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XPATH_INJECTION none
944 SFP Secondary Cluster: Access Management
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
945 SFP Secondary Cluster: Insecure Resource Access
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • IMPLICIT_INTENT none
  • INSECURE_HTTP_FIREWALL spring_security
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • IMPLICIT_INTENT none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • MISSING_AUTHZ none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
946 SFP Secondary Cluster: Insecure Resource Permissions
  • INSECURE_COOKIE dotnet
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_COOKIE missing_httponly_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
947 SFP Secondary Cluster: Authentication Bypass
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING session_secret_hi
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
948 SFP Secondary Cluster: Digital Certificate
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
949 SFP Secondary Cluster: Faulty Endpoint Authentication
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CSRF database_update
  • CSRF none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
950 SFP Secondary Cluster: Hardcoded Sensitive Data
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS secret_in_source_med
  • UNSAFE_SESSION_SETTING session_secret_hi
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
951 SFP Secondary Cluster: Insecure Authentication Policy
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
952 SFP Secondary Cluster: Missing Authentication
  • MISSING_AUTHZ none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • MISSING_AUTHZ none
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • MISSING_AUTHZ none
  • MISSING_AUTHZ none
  • MISSING_AUTHZ none
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • MISSING_AUTHZ none
  • MISSING_AUTHZ none
953 SFP Secondary Cluster: Missing Endpoint Authentication
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
954 SFP Secondary Cluster: Multiple Binds to the Same Port
955 SFP Secondary Cluster: Unrestricted Authentication
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
956 SFP Secondary Cluster: Channel Attack
  • RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • RISKY_CRYPTO ssl_protocol
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • RISKY_CRYPTO ssl_protocol
957 SFP Secondary Cluster: Protocol Error
  • XSS none
  • XSS stored_xss
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST endianness
  • XSS none
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • INSECURE_HTTP_FIREWALL spring_security
  • XSS none
  • XSS stored_xss
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • INCOMPATIBLE_CAST endianness
  • XSS none
  • XSS none
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
958 SFP Secondary Cluster: Broken Cryptography
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
959 SFP Secondary Cluster: Weak Cryptography
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO hashing
960 SFP Secondary Cluster: Ambiguous Exception Type
  • FB.REC_CATCH_EXCEPTION none
961 SFP Secondary Cluster: Incorrect Exception Behavior
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • MISSING_THROW none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
962 SFP Secondary Cluster: Unchecked Status Condition
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_BREAK none
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_BREAK none
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • MISSING_BREAK none
  • MISSING_THROW none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISSING_BREAK none
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • MISSING_BREAK none
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
963 SFP Secondary Cluster: Exposed Data
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COOKIE dotnet
  • LOG_INJECTION none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • MISRA C++-2008 Rule 15-3-2 none
  • PATH_MANIPULATION none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • MISRA C++-2008 Rule 15-3-2 none
  • PATH_MANIPULATION none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • LOG_INJECTION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • CONFIG.ATS_INSECURE none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • LOG_INJECTION none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
964 SFP Secondary Cluster: Exposure Temporary File
  • SECURE_TEMP none
  • SECURE_TEMP none
965 SFP Secondary Cluster: Insecure Session Management
966 SFP Secondary Cluster: Other Exposures
  • INSECURE_COOKIE dotnet
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CALL_SUPER clone
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.MS_CANNOT_BE_FINAL none
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • TRUST_BOUNDARY_VIOLATION none
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
967 SFP Secondary Cluster: State Disclosure
968 SFP Secondary Cluster: Covert Channel
969 SFP Secondary Cluster: Faulty Memory Release
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • USE_AFTER_FREE double_free
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • USE_AFTER_FREE double_free
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • USE_AFTER_FREE double_free
970 SFP Secondary Cluster: Faulty Buffer Access
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
971 SFP Secondary Cluster: Faulty Pointer Use
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FB.BC_NULL_INSTANCEOF none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • FORWARD_NULL bad_null_value_use
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • REVERSE_INULL none
972 SFP Secondary Cluster: Faulty String Expansion
973 SFP Secondary Cluster: Improper NULL Termination
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • READLINK none
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • READLINK none
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • READLINK none
  • SIZECHECK no_null_terminator
  • STRING_NULL none
974 SFP Secondary Cluster: Incorrect Buffer Length Computation
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • COM.BSTR.CONV none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
975 SFP Secondary Cluster: Architecture
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSUFFICIENT_LOGGING logging_obligation
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • CSRF database_update
  • CSRF none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
976 SFP Secondary Cluster: Compiler
977 SFP Secondary Cluster: Design
  • BAD_EQ referential
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • GUARDED_BY_VIOLATION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • STRAY_SEMICOLON none
  • UNKNOWN_LANGUAGE_INJECTION none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ATOMICITY none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST endianness
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISSING_BREAK none
  • MISSING_LOCK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • ORDER_REVERSAL none
  • OVERFLOW_BEFORE_WIDEN none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • STRAY_SEMICOLON none
  • TAINTED_SCALAR divisor
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • XPATH_INJECTION none
  • ATOMICITY none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST endianness
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISSING_BREAK none
  • MISSING_LOCK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • ORDER_REVERSAL none
  • OVERFLOW_BEFORE_WIDEN none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • STRAY_SEMICOLON none
  • TAINTED_SCALAR divisor
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • GUARDED_BY_VIOLATION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • SLEEP none
  • TEMPLATE_INJECTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • ATOMICITY none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DC.DEADLOCK none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DM_EXIT none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • STRAY_SEMICOLON none
  • UNKNOWN_LANGUAGE_INJECTION none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • STRAY_SEMICOLON none
  • TEMPLATE_INJECTION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ATOMICITY none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST endianness
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISSING_BREAK none
  • MISSING_LOCK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • ORDER_REVERSAL none
  • OVERFLOW_BEFORE_WIDEN none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • STRAY_SEMICOLON none
  • TAINTED_SCALAR divisor
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • STRAY_SEMICOLON none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • OVERFLOW_BEFORE_WIDEN none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • STRAY_SEMICOLON none
  • TEMPLATE_INJECTION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XML_EXTERNAL_ENTITY entity_expansion
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK_EVASION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
978 SFP Secondary Cluster: Implementation
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • CALL_SUPER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • LOCK_INVERSION none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SWAPPED_ARGUMENTS none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HFA none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • PASS_BY_VALUE none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SECURE_CODING none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • STACK_USE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • PASS_BY_VALUE none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SECURE_CODING none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • STACK_USE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • XML_EXTERNAL_ENTITY entity_expansion
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_DOH none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_USELESS none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_HTTP_FIREWALL spring_security
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • LOCK_INVERSION none
  • MISSING_BREAK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • ORM_LOAD_NULL_CHECK none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SWAPPED_ARGUMENTS none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • PASS_BY_VALUE none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • SECURE_CODING none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • STACK_USE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • NOSQL_QUERY_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • PARSE_ERROR none
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING session_secret_hi
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • REVERSE_INULL none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • PROPERTY_MIXUP none
  • PW.* none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • UNEXPECTED_CONTROL_FLOW useless_defer
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPLATE_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • CALL_SUPER none
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NULL_RETURNS none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SWAPPED_ARGUMENTS none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
979 SFP Secondary Cluster: Failed Chroot Jail
  • CHROOT none
  • CHROOT none
  • CHROOT none
980 SFP Secondary Cluster: Link in Resource Name Resolution
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • OPEN_REDIRECT none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • OPEN_REDIRECT none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • URL_MANIPULATION none
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • OPEN_REDIRECT none
  • XML_EXTERNAL_ENTITY external_entities
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XML_EXTERNAL_ENTITY external_entities
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
981 SFP Secondary Cluster: Path Traversal
  • PATH_MANIPULATION none
  • UNRESTRICTED_DISPATCH none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • JSP_DYNAMIC_INCLUDE none
  • PATH_MANIPULATION none
  • UNRESTRICTED_DISPATCH none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • UNRESTRICTED_DISPATCH none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
982 SFP Secondary Cluster: Failure to Release Resource
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • BAD_CERT_VERIFICATION bad_revocation_check
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
983 SFP Secondary Cluster: Faulty Resource Use
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • USE_AFTER_FREE none
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
984 SFP Secondary Cluster: Life Cycle
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_AUTHZ none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DC.DEADLOCK none
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RU_INVOKE_RUN none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_dynamic_finder_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • NO_EFFECT self_assign
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LOCK_EVASION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XPATH_INJECTION none
985 SFP Secondary Cluster: Unrestricted Consumption
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • COM.ADDROF_LEAK none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • XML_EXTERNAL_ENTITY entity_expansion
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
986 SFP Secondary Cluster: Missing Lock
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • ATOMICITY none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • ATOMICITY none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.RU_INVOKE_RUN none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • LOCK_EVASION none
987 SFP Secondary Cluster: Multiple Locks/Unlocks
  • LOCK double_lock
  • LOCK double_lock
  • LOCK double_lock
  • FB.ESYNC_EMPTY_SYNC none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • LOCK double_lock
988 SFP Secondary Cluster: Race Condition Window
  • GUARDED_BY_VIOLATION none
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • MISSING_LOCK none
  • TOCTOU none
  • MISSING_LOCK none
  • TOCTOU none
  • GUARDED_BY_VIOLATION none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • MISSING_LOCK none
  • TOCTOU none
989 SFP Secondary Cluster: Unrestricted Lock
990 SFP Secondary Cluster: Tainted Input to Command
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • NEGATIVE_RETURNS critical_argument
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • NEGATIVE_RETURNS critical_argument
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • NEGATIVE_RETURNS critical_argument
  • OS_CMD_INJECTION none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
991 SFP Secondary Cluster: Tainted Input to Environment
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNSAFE_NAMED_QUERY none
  • XPATH_INJECTION none
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • XPATH_INJECTION none
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • XPATH_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • TEMPLATE_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • TEMPLATE_INJECTION none
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • XPATH_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNSAFE_REFLECTION none
  • NOSQL_QUERY_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • TEMPLATE_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • UNSAFE_NAMED_QUERY none
  • XPATH_INJECTION none
992 SFP Secondary Cluster: Faulty Input Transformation
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
993 SFP Secondary Cluster: Incorrect Input Handling
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
994 SFP Secondary Cluster: Tainted Input to Variable
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XSS none
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
995 SFP Secondary Cluster: Feature
996 SFP Secondary Cluster: Security
997 SFP Secondary Cluster: Information Loss
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • FB.REC_CATCH_EXCEPTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_LOGGING logging_obligation
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
998 SFP Secondary Cluster: Glitch in Computation
  • BAD_EQ_TYPES none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • OVERFLOW_BEFORE_WIDEN none
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SIGN_EXTENSION none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR divisor
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SIGN_EXTENSION none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR divisor
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • OVERFLOW_BEFORE_WIDEN none
  • SWAPPED_ARGUMENTS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SIGN_EXTENSION none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR divisor
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • IDENTIFIER_TYPO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • IDENTIFIER_TYPO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • IDENTIFIER_TYPO none
  • SQLI sql_injection_dynamic_finder_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • OVERFLOW_BEFORE_WIDEN none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • SWAPPED_ARGUMENTS none
999 Weaknesses without Software Fault Patterns
1000 Research Concepts
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • STRAY_SEMICOLON none
  • SWAPPED_ARGUMENTS none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HFA none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_DOH none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IMPLICIT_INTENT none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • PROPERTY_MIXUP none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • STRAY_SEMICOLON none
  • SWAPPED_ARGUMENTS none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ASSIGN_NOT_RETURNING_STAR_THIS indirect
  • ASSIGN_NOT_RETURNING_STAR_THIS none
  • ASSIGN_NOT_RETURNING_STAR_THIS usable_for_chained_assignment
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_OVERRIDE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_RETURN multiple_returns
  • MISSING_RETURN none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SELF_ASSIGN none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • SYMFONY_EL_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • COPY_PASTE_ERROR none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PARSE_ERROR none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • PW.* none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • UNEXPECTED_CONTROL_FLOW useless_defer
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CALL_SUPER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1001 SFP Secondary Cluster: Use of an Improper API
  • CALL_SUPER none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.BSTR.ALLOC double_free
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SECURE_CODING none
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SECURE_CODING none
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • LOCK double_lock
  • LOCK lock_assert
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HTTP_VERB_TAMPERING none
  • DC.DANGEROUS none
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_DOH none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_USELESS none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.RU_INVOKE_RUN none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • INSECURE_HTTP_FIREWALL spring_security
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • ORM_LOAD_NULL_CHECK none
  • SWAPPED_ARGUMENTS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • SECURE_CODING none
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • CALL_SUPER none
  • SWAPPED_ARGUMENTS none
1002 SFP Secondary Cluster: Unexpected Entry Points
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.MS_CANNOT_BE_FINAL none
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
1003 Weaknesses for Simplified Mapping of Published Vulnerabilities
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_THROW none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • STRAY_SEMICOLON none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • FLOATING_POINT_EQUALITY none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_printf_format_string
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_printf_format_string
  • PW.* none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DUPLICATE_SERVLET_DEFINITION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IMPLICIT_INTENT none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • PROPERTY_MIXUP none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • STRAY_SEMICOLON none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT extra_high_bits
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT pointless_string_compare
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • ENUM_AS_BOOLEAN none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR mismatched_comparison
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MIXED_ENUMS inferred
  • MIXED_ENUMS none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT array_null
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_deref
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT static_through_instance
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NO_EFFECT useless_continue
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PASS_BY_VALUE none
  • PATH_MANIPULATION none
  • PRINTF_ARGS invalid_printf_format_string
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH extra_sizeof
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH none
  • SIZEOF_MISMATCH sizeof_punning
  • SIZEOF_MISMATCH wrong_size_value
  • SIZEOF_MISMATCH wrong_sizeof
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRAY_SEMICOLON none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • SYMFONY_EL_INJECTION none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF none
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT number_as_truth_value
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • COPY_PASTE_ERROR none
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PARSE_ERROR none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COPY_PASTE_ERROR none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • PW.* none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • UNEXPECTED_CONTROL_FLOW useless_defer
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT bit_and_with_zero
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT result_independent_of_operands
  • CONSTANT_EXPRESSION_RESULT same_on_both_sides
  • CONSTANT_EXPRESSION_RESULT typeof_misuse
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • COPY_PASTE_ERROR none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DEADCODE none
  • DEADCODE redundant_test
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_BREAK none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • STRAY_SEMICOLON none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNREACHABLE none
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • COPY_PASTE_ERROR none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PROPERTY_MIXUP none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNEXPECTED_CONTROL_FLOW continue_in_do_while_false
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1004 Sensitive Cookie Without 'HttpOnly' Flag
  • INSECURE_COOKIE dotnet
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_COOKIE missing_httponly_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
1005 7PK - Input Validation and Representation
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • COOKIE_INJECTION none
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1006 Bad Coding Practices
  • BAD_EQ_TYPES none
  • CALL_SUPER none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • SWAPPED_ARGUMENTS none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USELESS_CALL none
  • AUTOSAR C++14 M0-1-1 none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.BSTR.ALLOC double_free
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISRA C++-2008 Rule 0-1-1 none
  • MISRA C-2004 Rule 8.7 none
  • MISSING_BREAK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SECURE_CODING none
  • SWAPPED_ARGUMENTS none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USELESS_CALL none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • AUTOSAR C++14 M0-1-1 none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISRA C++-2008 Rule 0-1-1 none
  • MISRA C-2004 Rule 8.7 none
  • MISSING_BREAK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SECURE_CODING none
  • SWAPPED_ARGUMENTS none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USELESS_CALL none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • LOCK double_lock
  • LOCK lock_assert
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • DC.DANGEROUS none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DLS_DEAD_LOCAL_INCREMENT_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE none
  • FB.DLS_DEAD_LOCAL_STORE_IN_RETURN none
  • FB.DLS_DEAD_LOCAL_STORE_OF_NULL none
  • FB.DLS_DEAD_LOCAL_STORE_SHADOWS_FIELD none
  • FB.DLS_DEAD_STORE_OF_CLASS_LITERAL none
  • FB.DLS_OVERWRITTEN_INCREMENT none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_DOH none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.ESYNC_EMPTY_SYNC none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_USELESS none
  • FB.IP_PARAMETER_IS_DEAD_BUT_OVERWRITTEN none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.NP_SYNC_AND_NULL_CHECK_FIELD none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_BREAK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • ORM_LOAD_NULL_CHECK none
  • SWAPPED_ARGUMENTS none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USELESS_CALL none
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • DEADCODE none
  • DEADCODE redundant_test
  • EXPLICIT_THIS_EXPECTED none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_BREAK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SECURE_CODING none
  • SWAPPED_ARGUMENTS none
  • UNREACHABLE none
  • UNUSED_VALUE adjacent
  • UNUSED_VALUE none
  • USELESS_CALL none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • UNREACHABLE none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • DEADCODE none
  • DEADCODE redundant_test
  • EXPLICIT_THIS_EXPECTED none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTIFIER_TYPO none
  • MISSING_BREAK none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • UNREACHABLE none
  • CALL_SUPER none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • SWAPPED_ARGUMENTS none
  • UNREACHABLE none
1007 Insufficient Visual Distinction of Homoglyphs Presented to User
1008 Architectural Concepts
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_THROW none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK socket
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • DISTRUSTED_DATA_DESERIALIZATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSUFFICIENT_LOGGING logging_obligation
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_INJECTION none
  • RESOURCE_LEAK socket
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CSRF database_update
  • CSRF none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK socket
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1009 Audit
  • LOG_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • INSUFFICIENT_LOGGING logging_obligation
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • LOG_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSUFFICIENT_LOGGING logging_obligation
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSUFFICIENT_LOGGING logging_obligation
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • LOG_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
1010 Authenticate Actors
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_SALT hardcoded
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_SALT hardcoded
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
1011 Authorize Actors
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISRA C++-2008 Rule 15-3-2 none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • MISRA C++-2008 Rule 15-3-2 none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • EXPOSED_PREFERENCES none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • PATH_MANIPULATION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • CHROOT none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • TAINTED_SCALAR allocation
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DNS_PREFETCHING helmet_dns_prefetching
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • PATH_MANIPULATION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK socket
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
1012 Cross Cutting
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • MISSING_THROW none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
1013 Encrypt Data
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • DISABLED_ENCRYPTION text_encryptor
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_WRITE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_WRITE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
1014 Identify Actors
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • URL_MANIPULATION none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • URL_MANIPULATION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • CSRF database_update
  • CSRF none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_UNTRUSTED_DECODE jwt_untrusted_decode
  • MULTER_MISCONFIGURATION multer_custom_file_filter
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • URL_MANIPULATION none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
1015 Limit Access
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AUTOSAR C++14 A15-3-3 none
  • CHROOT none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • URL_MANIPULATION none
  • AUTOSAR C++14 A15-3-3 none
  • CHROOT none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • URL_MANIPULATION none
  • OPEN_REDIRECT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • OPEN_REDIRECT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CHROOT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • URL_MANIPULATION none
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • OPEN_REDIRECT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XML_EXTERNAL_ENTITY external_entities
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • XML_EXTERNAL_ENTITY external_entities
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OPEN_REDIRECT none
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • HEADER_INJECTION none
  • OPEN_REDIRECT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
1016 Limit Exposure
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • JAVA_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • MISSING_IFRAME_SANDBOX none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • MISSING_IFRAME_SANDBOX none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • XML_EXTERNAL_ENTITY unrestricted_dtds
1017 Lock Computer
1018 Manage User Sessions
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • SESSION_FIXATION none
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
1019 Validate Inputs
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • COOKIE_INJECTION none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XSS none
  • CSRF database_update
  • CSRF none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XSS none
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • COOKIE_INJECTION none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION url_substring
  • XSS none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1020 Verify Message Integrity
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_THROW none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • AUTOSAR C++14 A15-3-3 none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • MISRA C++-2008 Rule 15-3-2 none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • AUTOSAR C++14 A15-3-3 none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • MISRA C++-2008 Rule 15-3-2 none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XSS none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • EL_INJECTION none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.REC_CATCH_EXCEPTION none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_THROW none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1021 Improper Restriction of Rendered UI Layers or Frames
1022 Use of Web Link to Untrusted Target with window.opener Access
  • REVERSE_TABNABBING react_target_blank
  • REVERSE_TABNABBING react_target_blank
1023 Incomplete Comparison with Missing Factors
  • HIBERNATE_BAD_HASHCODE bad_equals
1024 Comparison of Incompatible Types
1025 Comparison Using Wrong Factors
1026 Weaknesses in OWASP Top Ten (2017)
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNSAFE_DESERIALIZATION none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISRA C++-2008 Rule 15-3-2 none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • MISRA C++-2008 Rule 15-3-2 none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSUFFICIENT_LOGGING logging_obligation
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION android
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION android
  • CONFIG.DUPLICATE_SERVLET_DEFINITION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DOM_XSS none
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION android
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION android
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1856_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DOM_XSS none
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_AUTHZ none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNSAFE_DESERIALIZATION none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1027 OWASP Top Ten 2017 Category A1 - Injection
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_INJECTION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • SQLI none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • URL_MANIPULATION none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • EL_INJECTION none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • HEADER_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNSAFE_JNI none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_INJECTION none
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • URL_MANIPULATION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SQLI none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_REFLECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_EXPRESSION_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • URL_MANIPULATION none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_INJECTION none
  • XPATH_INJECTION none
1028 OWASP Top Ten 2017 Category A2 - Broken Authentication
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_DYNAMIC_INCLUDE none
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • REVERSE_TABNABBING react_target_blank
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
1029 OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COOKIE dotnet
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • DISABLED_ENCRYPTION text_encryptor
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • INSECURE_COMMUNICATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
1030 OWASP Top Ten 2017 Category A4 - XML External Entities (XXE)
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
1031 OWASP Top Ten 2017 Category A5 - Broken Access Control
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • ANDROID_CAPABILITY_LEAK none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
1032 OWASP Top Ten 2017 Category A6 - Security Misconfiguration
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.ASP_VIEWSTATE_MAC none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AUTOSAR C++14 A15-3-3 none
  • MISRA C++-2008 Rule 15-3-2 none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION android
  • CONFIG.DUPLICATE_SERVLET_DEFINITION none
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_HTTP_FIREWALL spring_security
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION android
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_transmission
1033 OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS)
  • XSS none
  • XSS stored_xss
  • XSS none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS none
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • UNESCAPED_HTML unescaped_output_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • DOM_XSS none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • XSS none
  • XSS stored_xss
1034 OWASP Top Ten 2017 Category A8 - Insecure Deserialization
  • UNSAFE_DESERIALIZATION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_DESERIALIZATION none
1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION android
  • CONFIG.ANDROID_UNSAFE_MINSDKVERSION android
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1856_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
1036 OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_LOGGING logging_obligation
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
1037 Processor Optimization Removal or Modification of Security-critical Code
1038 Insecure Automated Optimizations
1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations
1040 Quality Weaknesses with Indirect Security Impacts
1041 Use of Redundant Code
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
1042 Static Member Data Element outside of a Singleton Class Element
1043 Data Element Aggregating an Excessively Large Number of Non-Primitive Elements
1044 Architecture with Number of Horizontal Layers Outside of Expected Range
1045 Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
1046 Creation of Immutable Text Using String Concatenation
1047 Modules with Circular Dependencies
1048 Invokable Control Element with Large Number of Outward Calls
1049 Excessive Data Query Operations in a Large Data Table
1050 Excessive Platform Resource Consumption within a Loop
1051 Initialization with Hard-Coded Network Resource Configuration Data
1052 Excessive Use of Hard-Coded Literals in Initialization
1053 Missing Documentation for Design
1054 Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer
1055 Multiple Inheritance from Concrete Classes
1056 Invokable Control Element with Variadic Parameters
1057 Data Access Operations Outside of Expected Data Manager Component
1058 Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element
1059 Incomplete Documentation
1060 Excessive Number of Inefficient Server-Side Data Accesses
1061 Insufficient Encapsulation
1062 Parent Class with References to Child Class
1063 Creation of Class Instance within a Static Code Block
1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters
1065 Runtime Resource Management Control Element in a Component Built to Run on Application Servers
1066 Missing Serialization Control Element
1067 Excessive Execution of Sequential Searches of Data Resource
1068 Inconsistency Between Implementation and Documented Design
1069 Empty Exception Block
1070 Serializable Data Element Containing non-Serializable Item Elements
1071 Empty Code Block
1072 Data Resource Access without Use of Connection Pooling
1073 Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
1074 Class with Excessively Deep Inheritance
1075 Unconditional Control Flow Transfer outside of Switch Block
1076 Insufficient Adherence to Expected Conventions
1077 Floating Point Comparison with Incorrect Operator
  • FLOATING_POINT_EQUALITY none
1078 Inappropriate Source Code Style or Formatting
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
1079 Parent Class without Virtual Destructor Method
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
1080 Source Code File with Excessive Number of Lines of Code
1082 Class Instance Self Destruction Control Element
1083 Data Access from Outside Expected Data Manager Component
1084 Invokable Control Element with Excessive File or Data Access Operations
1085 Invokable Control Element with Excessive Volume of Commented-out Code
1086 Class with Excessive Number of Child Classes
1087 Class with Virtual Method without a Virtual Destructor
1088 Synchronous Access of Remote Resource without Timeout
1089 Large Data Table with Excessive Number of Indices
1090 Method Containing Access of a Member Element from Another Class
1091 Use of Object without Invoking Destructor Method
1092 Use of Same Invokable Control Element in Multiple Architectural Layers
1093 Excessively Complex Data Representation
1094 Excessive Index Range Scan for a Data Resource
1095 Loop Condition Value Update within the Loop
1096 Singleton Class Instance Creation without Proper Locking or Synchronization
1097 Persistent Storable Data Element without Associated Comparison Control Element
1098 Data Element containing Pointer Item without Proper Copy Control Element
1099 Inconsistent Naming Conventions for Identifiers
1100 Insufficient Isolation of System-Dependent Functions
1101 Reliance on Runtime Component in Generated Code
1102 Reliance on Machine-Dependent Data Representation
1103 Use of Platform-Dependent Third Party Components
1104 Use of Unmaintained Third Party Components
1105 Insufficient Encapsulation of Machine-Dependent Functionality
1106 Insufficient Use of Symbolic Constants
1107 Insufficient Isolation of Symbolic Constant Definitions
1108 Excessive Reliance on Global Variables
1109 Use of Same Variable for Multiple Purposes
1110 Incomplete Design Documentation
1111 Incomplete I/O Documentation
1112 Incomplete Documentation of Program Execution
1113 Inappropriate Comment Style
1114 Inappropriate Whitespace Style
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
  • NESTING_INDENT_MISMATCH bad_indentation
  • NESTING_INDENT_MISMATCH none
1115 Source Code Element without Standard Prologue
1116 Inaccurate Comments
1117 Callable with Insufficient Behavioral Summary
1118 Insufficient Documentation of Error Handling Techniques
1119 Excessive Use of Unconditional Branching
1120 Excessive Code Complexity
1121 Excessive McCabe Cyclomatic Complexity
1122 Excessive Halstead Complexity
1123 Excessive Use of Self-Modifying Code
1124 Excessively Deep Nesting
1125 Excessive Attack Surface
1126 Declaration of Variable with Unnecessarily Wide Scope
  • MISRA C-2004 Rule 8.7 none
  • MISRA C-2004 Rule 8.7 none
1127 Compilation with Insufficient Warnings or Errors
1128 CISQ Quality Measures (2016)
  • BAD_EQ_TYPES none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK_INVERSION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNREACHABLE none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FLOATING_POINT_EQUALITY none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SLEEP none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNREACHABLE none
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SLEEP none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNREACHABLE none
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.REC_CATCH_EXCEPTION none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LOCK_INVERSION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNREACHABLE none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNREACHABLE none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SLEEP none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNREACHABLE none
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • XSS none
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • XSS none
  • DEADCODE none
  • DEADCODE redundant_test
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNREACHABLE none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNREACHABLE none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XSS none
  • XSS stored_xss
1129 CISQ Quality Measures - Reliability
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • FLOATING_POINT_EQUALITY none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • RESOURCE_LEAK fds_handles
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • RESOURCE_LEAK fds_handles
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • XML_EXTERNAL_ENTITY entity_expansion
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IL_INFINITE_RECURSIVE_LOOP none
  • FB.REC_CATCH_EXCEPTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • RESOURCE_LEAK fds_handles
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SQLI sql_injection_dynamic_finder_med
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
1130 CISQ Quality Measures - Maintainability
  • BAD_EQ_TYPES none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
1131 CISQ Quality Measures - Security
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK_INVERSION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XSS none
  • XSS stored_xss
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SLEEP none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SLEEP none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • URL_MANIPULATION none
  • XSS none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • DC.DEADLOCK none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.REC_CATCH_EXCEPTION none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LOCK_INVERSION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK fds_handles
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SLEEP none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • DOM_XSS none
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XSS none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XSS none
  • XSS stored_xss
1132 CISQ Quality Measures - Performance
1133 Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java
  • BAD_EQ referential
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC leak
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • ATOMICITY none
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DC.DEADLOCK none
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RU_INVOKE_RUN none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MISSING_THROW none
  • MOBILE_ID_MISUSE none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_trust_manager
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ATOMICITY none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • LOCK missing_unlock
  • LOCK none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TOCTOU none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XPATH_INJECTION none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTIFIER_TYPO none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • XSS none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTIFIER_TYPO none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • INSECURE_COOKIE missing_httponly_low
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ATS_INSECURE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • CALL_SUPER none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • NULL_RETURNS none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNSAFE_DESERIALIZATION none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1134 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS)
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • EL_INJECTION none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • READLINK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • URL_MANIPULATION none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • CSS_INJECTION none
  • DOM_XSS none
  • HEADER_INJECTION none
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1135 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL)
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • PW.BRANCH_PAST_INITIALIZATION none
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT self_assign
  • TAINTED_SCALAR allocation
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • NO_EFFECT self_assign
  • NO_EFFECT self_assign
  • NO_EFFECT self_assign
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
1136 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP)
  • BAD_EQ referential
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • BAD_COMPARE string_lit_comparison
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • BAD_COMPARE string_lit_comparison
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • FB.BC_NULL_INSTANCEOF none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • BAD_COMPARE string_lit_comparison
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • FORWARD_NULL bad_null_value_use
  • NULL_RETURNS none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • REVERSE_INULL none
1137 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM)
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • COM.BSTR.CONV none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • OVERFLOW_BEFORE_WIDEN none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
1138 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 04. Characters and Strings (STR)
1139 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. Object Orientation (OBJ)
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.MS_CANNOT_BE_FINAL none
1140 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET)
  • BAD_EQ referential
  • CALL_SUPER none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • SWAPPED_ARGUMENTS none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.BSTR.ALLOC double_free
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • LOCK double_lock
  • LOCK lock_assert
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • ORM_LOAD_NULL_CHECK none
  • REGEX_CONFUSION none
  • SWAPPED_ARGUMENTS none
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK lock_assert
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • SWAPPED_ARGUMENTS none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • IDENTIFIER_TYPO none
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • CALL_SUPER none
  • SWAPPED_ARGUMENTS none
1141 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR)
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • MISSING_THROW none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • MISRA C++-2008 Rule 15-3-2 none
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • CALL_SUPER finalize
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DM_EXIT none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • MISSING_THROW none
  • ORM_LOAD_NULL_CHECK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NEGATIVE_RETURNS none
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
1142 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA)
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • TOCTOU none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • TOCTOU none
  • ATOMICITY none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • ATOMICITY none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.RU_INVOKE_RUN none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • TOCTOU none
  • LOCK_EVASION none
1143 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK)
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • LOCK_EVASION none
1144 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI)
  • FB.RU_INVOKE_RUN none
1145 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS)
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
1146 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 12. Thread-Safety Miscellaneous (TSM)
1147 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)
  • BAD_EQ referential
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • NO_EFFECT incomplete_delete
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • XPATH_INJECTION none
  • ALLOC_FREE_MISMATCH none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • NO_EFFECT incomplete_delete
  • OS_CMD_INJECTION none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • FB.DM_EXIT none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RE_BAD_SYNTAX_FOR_REGULAR_EXPRESSION none
  • FB.RE_CANT_USE_FILE_SEPARATOR_AS_REGULAR_EXPRESSION none
  • FB.RE_POSSIBLE_UNINTENDED_PATTERN none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • HEADER_INJECTION none
  • HIBERNATE_BAD_HASHCODE bad_equals
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • REGEX_CONFUSION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HEADER_INJECTION none
  • NO_EFFECT incomplete_delete
  • OS_CMD_INJECTION none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK no_null_terminator
  • SQLI none
  • STRING_NULL none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • XPATH_INJECTION none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • XSS none
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XSS none
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • INSECURE_COOKIE missing_httponly_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • REGEX_MISSING_ANCHOR validation_regex_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • REGEX_INJECTION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NOSQL_QUERY_INJECTION none
  • OS_CMD_INJECTION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • XML_EXTERNAL_ENTITY entity_expansion
  • XSS none
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1148 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER)
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • COM.ADDROF_LEAK none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • DISABLED_ENCRYPTION text_encryptor
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNSAFE_DESERIALIZATION none
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • INSECURE_COMMUNICATION insecure_connection
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • INSECURE_COMMUNICATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • CONFIG.ATS_INSECURE none
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • INSECURE_COMMUNICATION insecure_connection
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_DESERIALIZATION none
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNSAFE_DESERIALIZATION none
1149 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC)
  • INSECURE_COOKIE dotnet
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_COOKIE missing_httponly_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
1150 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV)
  • INSECURE_COOKIE dotnet
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_COOKIE missing_httponly_low
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
1151 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. Java Native Interface (JNI)
1152 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC)
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • COM.ADDROF_LEAK none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • CTOR_DTOR_LEAK none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • DISABLED_ENCRYPTION text_encryptor
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_COOKIE java
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • CTOR_DTOR_LEAK none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK fds_handles
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • STACK_USE none
  • TAINTED_SCALAR allocation
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE cookie_missing_secure_flag_low
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING secure_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • CONFIG.ATS_INSECURE none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • AWS_SSL_DISABLED aws_ssl_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
1153 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD)
1154 Weaknesses Addressed by the SEI CERT C Coding Standard
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HTTP_VERB_TAMPERING none
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • DISABLED_ENCRYPTION text_encryptor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_DOH none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.FI_USELESS none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RU_INVOKE_RUN none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • MOBILE_ID_MISUSE none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MOBILE_ID_MISUSE none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS critical_argument
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_ARGS none
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VARARGS none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTIFIER_TYPO none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTIFIER_TYPO none
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPLICIT_THIS_EXPECTED none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • IDENTIFIER_TYPO none
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSECURE_SALT hardcoded
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CALL_SUPER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SWAPPED_ARGUMENTS none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1155 SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE)
1156 SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
1157 SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SWAPPED_ARGUMENTS none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE critical_argument
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE critical_argument
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FB.BC_NULL_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SWAPPED_ARGUMENTS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • EXPLICIT_THIS_EXPECTED none
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • NULL_RETURNS none
  • REVERSE_INULL none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_COMPARE none
  • BAD_COMPARE string_lit_comparison
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS critical_argument
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • REVERSE_INULL none
  • REVERSE_NEGATIVE critical_argument
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • SWAPPED_ARGUMENTS none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • REVERSE_INULL none
  • SQLI sql_injection_dynamic_finder_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • EXPLICIT_THIS_EXPECTED none
  • FORWARD_NULL bad_null_value_use
  • IDENTIFIER_TYPO none
  • NULL_RETURNS none
  • REVERSE_INULL none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • NULL_RETURNS none
  • REVERSE_INULL none
  • SWAPPED_ARGUMENTS none
1158 SEI CERT C Coding Standard - Guidelines 04. Integers (INT)
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • COM.BSTR.CONV none
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • SQLI sql_injection_dynamic_finder_med
  • OVERFLOW_BEFORE_WIDEN none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
1159 SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP)
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • COM.BSTR.CONV none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_ALLOC_STRLEN none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CHAR_IO none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • NO_EFFECT bad_memset_truncated_fill
  • OVERFLOW_BEFORE_WIDEN none
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • TAINTED_SCALAR divisor
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • OVERFLOW_BEFORE_WIDEN none
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
1160 SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR)
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SIZECHECK likely_overflow
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
1161 SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR)
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • READLINK none
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.BAD_CAST none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • READLINK none
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • DC.DANGEROUS none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT bad_memset_truncated_fill
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • READLINK none
  • REVERSE_NEGATIVE critical_argument
  • SECURE_CODING none
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • SQLI sql_injection_dynamic_finder_med
1162 SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)
  • OVERFLOW_BEFORE_WIDEN none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT incomplete_delete
  • OVERFLOW_BEFORE_WIDEN none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ALLOC_FREE_MISMATCH none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT incomplete_delete
  • OVERFLOW_BEFORE_WIDEN none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • OVERFLOW_BEFORE_WIDEN none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • USE_AFTER_FREE none
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • BAD_CERT_VERIFICATION bad_revocation_check
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • BAD_ALLOC_STRLEN none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NO_EFFECT incomplete_delete
  • OVERFLOW_BEFORE_WIDEN none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • OVERFLOW_BEFORE_WIDEN none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
1163 SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)
  • ASPNET_MVC_VERSION_HEADER none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHROOT none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO ssl_protocol
  • SECURE_TEMP none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • ANDROID_WEBVIEW_FILEACCESS android_webview_file_access
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • DC.DEADLOCK none
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.EI_EXPOSE_REP none
  • FB.EI_EXPOSE_REP2 none
  • FB.FI_PUBLIC_SHOULD_BE_PROTECTED none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.MS_CANNOT_BE_FINAL none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RU_INVOKE_RUN none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_PERMISSION_FOR_BROADCAST none
  • MISSING_PERMISSION_ON_EXPORTED_COMPONENT none
  • NON_STATIC_GUARDING_STATIC none
  • NOSQL_QUERY_INJECTION none
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SESSION_FIXATION none
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TRUST_BOUNDARY_VIOLATION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_CAPABILITY_LEAK none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IMPLICIT_INTENT none
  • INSECURE_COMMUNICATION none
  • MISSING_PERMISSION_FOR_BROADCAST none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHROOT none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT incomplete_delete
  • NO_EFFECT self_assign
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • RISKY_CRYPTO ssl_protocol
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIGN_EXTENSION none
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SLEEP none
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DYNAMIC_OBJECT_ATTRIBUTES attr_protected_used_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_low
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_call_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_permit_all_med
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_hi
  • DYNAMIC_OBJECT_ATTRIBUTES mass_assign_without_protection_med
  • DYNAMIC_OBJECT_ATTRIBUTES no_attr_accessible_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • NO_EFFECT self_assign
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SESSION_MANIPULATION session_key_manipulation_hi
  • SESSION_MANIPULATION session_key_manipulation_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_http_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • LOCALSTORAGE_WRITE none
  • MISSING_AUTHZ none
  • MISSING_IFRAME_SANDBOX none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NO_EFFECT self_assign
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_TABNABBING react_target_blank
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNRESTRICTED_MESSAGE_TARGET none
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • RISKY_CRYPTO ssl_protocol
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY entity_expansion
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1164 Irrelevant Code
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_allow_rule
  • CONFIG.DEAD_AUTHORIZATION_RULE dead_deny_rule
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • USELESS_CALL none
  • AUTOSAR C++14 M0-1-1 none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • MISRA C++-2008 Rule 0-1-1 none
  • UNREACHABLE none
  • USELESS_CALL none
  • AUTOSAR C++14 M0-1-1 none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • MISRA C++-2008 Rule 0-1-1 none
  • UNREACHABLE none
  • USELESS_CALL none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • USELESS_CALL none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • USELESS_CALL none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • UNREACHABLE none
1165 SEI CERT C Coding Standard - Guidelines 10. Environment (ENV)
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SECURE_CODING none
  • UNCAUGHT_EXCEPT none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SECURE_CODING none
  • UNCAUGHT_EXCEPT none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • DC.DANGEROUS none
  • FB.DM_EXIT none
  • FB.REC_CATCH_EXCEPTION none
  • HEADER_INJECTION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • SECURE_CODING none
  • UNCAUGHT_EXCEPT none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION none
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • HEADER_INJECTION none
  • OS_CMD_INJECTION none
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
1166 SEI CERT C Coding Standard - Guidelines 11. Signals (SIG)
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • GUARDED_BY_VIOLATION none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • ATOMICITY none
  • GUARDED_BY_VIOLATION none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • ATOMICITY none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.RU_INVOKE_RUN none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • ATOMICITY none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SLEEP none
  • LOCK_EVASION none
1167 SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR)
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • NO_EFFECT bad_memset_zero_size
  • SECURE_CODING none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • NO_EFFECT bad_memset_zero_size
  • SECURE_CODING none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • DC.DANGEROUS none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • ORM_LOAD_NULL_CHECK none
  • BAD_COMPARE comparator_misuse
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • INCOMPATIBLE_CAST endianness
  • NO_EFFECT bad_memset_zero_size
  • SECURE_CODING none
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
1168 SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API)
1169 SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON)
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SECURE_CODING none
  • SECURE_TEMP none
  • SLEEP none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SECURE_CODING none
  • SECURE_TEMP none
  • SLEEP none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.IS2_INCONSISTENT_SYNC none
  • FB.IS_FIELD_NOT_GUARDED none
  • FB.IS_INCONSISTENT_SYNC none
  • FB.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE none
  • FB.STCAL_STATIC_CALENDAR_INSTANCE none
  • FB.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • LOCK_INVERSION none
  • MOBILE_ID_MISUSE none
  • NON_STATIC_GUARDING_STATIC none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • VOLATILE_ATOMICITY compare
  • VOLATILE_ATOMICITY none
  • VOLATILE_ATOMICITY semantic
  • VOLATILE_ATOMICITY threshold
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISSING_LOCK none
  • ORDER_REVERSAL none
  • SECURE_CODING none
  • SLEEP none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS secret_in_source_med
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
1170 SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC)
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INCOMPATIBLE_CAST endianness
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INCOMPATIBLE_CAST endianness
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • DC.DANGEROUS none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • MOBILE_ID_MISUSE none
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • DELETE_VOID none
  • EVALUATION_ORDER none
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INCOMPATIBLE_CAST endianness
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SECURE_CODING none
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HARDCODED_CREDENTIALS secret_in_source_med
  • RAILS_DEVISE_CONFIG devise_encryptor_hi
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_hi
  • WEAK_PASSWORD_HASH weak_hash_digest_med
  • WEAK_PASSWORD_HASH weak_hash_hmac_med
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_SALT hardcoded
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO insecure_cipher
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • SA.RISKY_CRYPTO ssl_protocol
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • RISKY_CRYPTO custom
  • RISKY_CRYPTO hashing
  • RISKY_CRYPTO none
  • RISKY_CRYPTO ssl_protocol
  • WEAK_PASSWORD_HASH weak_hash
  • WEAK_PASSWORD_HASH weak_hash_no_salt
  • WEAK_PASSWORD_HASH weak_hash_weak_salt
  • WEAK_PASSWORD_HASH weak_salt
1171 SEI CERT C Coding Standard - Guidelines 50. POSIX (POS)
  • LOCK_INVERSION none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • ORDER_REVERSAL none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SLEEP none
  • STRING_NULL none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • ORDER_REVERSAL none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SLEEP none
  • STRING_NULL none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • SLEEP none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • DC.DANGEROUS none
  • DC.DEADLOCK none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • LOCK_INVERSION none
  • ORM_LOAD_NULL_CHECK none
  • BAD_COMPARE comparator_misuse
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • ORDER_REVERSAL none
  • READLINK none
  • SIZECHECK no_null_terminator
  • SLEEP none
  • STRING_NULL none
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
1172 SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN)
  • CALL_SUPER none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • SWAPPED_ARGUMENTS none
  • ALLOC_FREE_MISMATCH none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • ALLOC_FREE_MISMATCH none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • PW.BAD_PRINTF_FORMAT_STRING none
  • PW.TOO_FEW_PRINTF_ARGS none
  • PW.TOO_MANY_PRINTF_ARGS none
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • LOCK double_lock
  • ATTRIBUTE_NAME_CONFLICT jsp_tag
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CALL_SUPER clone
  • CALL_SUPER finalize
  • CALL_SUPER none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HTTP_VERB_TAMPERING none
  • DC.DANGEROUS none
  • FB.AM_CREATES_EMPTY_JAR_FILE_ENTRY none
  • FB.AM_CREATES_EMPTY_ZIP_FILE_ENTRY none
  • FB.CN_IDIOM none
  • FB.CN_IDIOM_NO_SUPER_CALL none
  • FB.CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_DOH none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.DM_EXIT none
  • FB.FI_EMPTY none
  • FB.FI_EXPLICIT_INVOCATION none
  • FB.FI_FINALIZER_NULLS_FIELDS none
  • FB.FI_FINALIZER_ONLY_NULLS_FIELDS none
  • FB.FI_MISSING_SUPER_CALL none
  • FB.FI_NULLIFY_SUPER none
  • FB.FI_USELESS none
  • FB.J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • INSECURE_HTTP_FIREWALL spring_security
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • ORM_LOAD_NULL_CHECK none
  • SWAPPED_ARGUMENTS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • ALLOC_FREE_MISMATCH none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CHROOT none
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • MISSING_RESTORE likely
  • MISSING_RESTORE none
  • MISSING_RESTORE possible
  • NEGATIVE_RETURNS critical_argument
  • OPEN_ARGS none
  • PRINTF_ARGS extra_printf_arg
  • PRINTF_ARGS invalid_printf_format_string
  • PRINTF_ARGS invalid_type_printf_arg
  • PRINTF_ARGS missing_printf_arg
  • SWAPPED_ARGUMENTS none
  • UNCAUGHT_EXCEPT none
  • USE_AFTER_FREE double_free
  • VARARGS none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • IDENTIFIER_TYPO none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • EXPLICIT_THIS_EXPECTED none
  • IDENTIFIER_TYPO none
  • CALL_SUPER none
  • SWAPPED_ARGUMENTS none
1173 Improper Use of Validation Framework
1174 ASP.NET Misconfiguration: Improper Model Validation
1175 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON)
1176 Inefficient CPU Computation
1177 Use of Prohibited Code
1178 Weaknesses Addressed by the SEI CERT Perl Coding Standard
1179 SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS)
1180 SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
1181 SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)
1182 SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT)
1183 SEI CERT Perl Coding Standard - Guidelines 05. Strings (STR)
1184 SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP)
1185 SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO)
1186 SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC)
1187 DEPRECATED: Use of Uninitialized Resource
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
1188 Insecure Default Initialization of Resource
1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
1190 DMA Device Enabled Too Early in Boot Phase
1191 Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization
1192 System-on-Chip (SoC) Using Components without Unique, Immutable Identifiers
1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
1194 Hardware Design
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • URL_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • URL_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • URL_MANIPULATION none
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_DOH none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • URL_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • URL_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • URL_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
1195 Manufacturing and Life Cycle Management Concerns
1196 Security Flow Issues
1197 Integration Issues
1198 Privilege Separation and Access Control Issues
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • URL_MANIPULATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • URL_MANIPULATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • URL_MANIPULATION none
  • URL_MANIPULATION none
1199 General Circuit and Logic Design Concerns
1200 Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.BC_NULL_INSTANCEOF none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_DEBUG_MODE none
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CSRF database_update
  • CSRF none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • CONFIG.ATS_INSECURE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1201 Core and Compute Issues
1202 Memory and Storage Issues
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
1203 Peripherals, On-chip Fabric, and Interface/IO Problems
1205 Security Primitives and Cryptography Issues
1206 Power, Clock, and Reset Concerns
1207 Debug and Test Problems
1208 Cross-Cutting Problems
  • FB.DMI_ANNOTATION_IS_NOT_VISIBLE_TO_REFLECTION none
  • FB.DMI_ARGUMENTS_WRONG_ORDER none
  • FB.DMI_BAD_MONTH none
  • FB.DMI_BIGDECIMAL_CONSTRUCTED_FROM_DOUBLE none
  • FB.DMI_BLOCKING_METHODS_ON_URL none
  • FB.DMI_CALLING_NEXT_FROM_HASNEXT none
  • FB.DMI_COLLECTIONS_SHOULD_NOT_CONTAIN_THEMSELVES none
  • FB.DMI_COLLECTION_OF_URLS none
  • FB.DMI_DOH none
  • FB.DMI_ENTRY_SETS_MAY_REUSE_ENTRY_OBJECTS none
  • FB.DMI_FUTILE_ATTEMPT_TO_CHANGE_MAXPOOL_SIZE_OF_SCHEDULED_THREAD none
  • FB.DMI_HARDCODED_ABSOLUTE_FILENAME none
  • FB.DMI_INVOKING_HASHCODE_ON_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ANONYMOUS_ARRAY none
  • FB.DMI_INVOKING_TOSTRING_ON_ARRAY none
  • FB.DMI_LONG_BITS_TO_DOUBLE_INVOKED_ON_INT none
  • FB.DMI_NONSERIALIZABLE_OBJECT_WRITTEN none
  • FB.DMI_RANDOM_USED_ONLY_ONCE none
  • FB.DMI_SCHEDULED_THREAD_POOL_EXECUTOR_WITH_ZERO_CORE_THREADS none
  • FB.DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED none
  • FB.DMI_UNSUPPORTED_METHOD none
  • FB.DMI_USELESS_SUBSTRING none
  • FB.DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION none
  • FB.DMI_VACUOUS_CALL_TO_EASYMOCK_METHOD none
  • FB.DMI_VACUOUS_SELF_COLLECTION_CALL none
  • FB.RV_01_TO_INT none
  • FB.RV_ABSOLUTE_VALUE_OF_HASHCODE none
  • FB.RV_ABSOLUTE_VALUE_OF_RANDOM_INT none
  • FB.RV_CHECK_COMPARETO_FOR_SPECIFIC_RETURN_VALUE none
  • FB.RV_CHECK_FOR_POSITIVE_INDEXOF none
  • FB.RV_DONT_JUST_NULL_CHECK_READLINE none
  • FB.RV_EXCEPTION_NOT_THROWN none
  • FB.RV_NEGATING_RESULT_OF_COMPARETO none
  • FB.RV_REM_OF_HASHCODE none
  • FB.RV_REM_OF_RANDOM_INT none
  • FB.RV_RETURN_VALUE_IGNORED none
  • FB.RV_RETURN_VALUE_IGNORED2 none
  • FB.RV_RETURN_VALUE_IGNORED_INFERRED none
  • FB.RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT none
  • FB.RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED none
1209 Failure to Disable Reserved Bits
1210 Audit / Logging Errors
  • LOG_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • INSUFFICIENT_LOGGING logging_obligation
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • LOG_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSUFFICIENT_LOGGING logging_obligation
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • INSUFFICIENT_LOGGING logging_obligation
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • LOG_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
1211 Authentication Errors
  • MISSING_AUTHZ none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • MISSING_AUTHZ none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • BAD_CERT_VERIFICATION bad_hostname_verifier
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_CERT_VERIFICATION bad_ssl_session
  • BAD_CERT_VERIFICATION bad_trust_manager
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • MISSING_AUTHZ none
  • MISSING_AUTHZ none
  • BAD_CERT_VERIFICATION ssl_verification_bypass_hi
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • BAD_CERT_VERIFICATION bad_trust_manager
  • BAD_CERT_VERIFICATION none
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.REQUEST_STRICTSSL_DISABLED request_strictssl_disabled
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • MISSING_AUTHZ none
1212 Authorization Errors
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • JSP_SQL_INJECTION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
1213 Random Number Issues
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • PREDICTABLE_RANDOM_SEED random_seed
  • PREDICTABLE_RANDOM_SEED secure_random_seed_const
  • PREDICTABLE_RANDOM_SEED secure_random_seed_sys_time
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
  • INSECURE_RANDOM insecure_random_used
  • INSECURE_RANDOM insecure_random_value
1214 Data Integrity Issues
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • JAVA_CODE_INJECTION none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_IFRAME_SANDBOX none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • CUSTOM_KEYBOARD_DATA_LEAK none
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • MISSING_IFRAME_SANDBOX none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNCHECKED_ORIGIN none
  • XML_EXTERNAL_ENTITY unrestricted_dtds
1215 Data Validation Issues
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_HTTP_FIREWALL spring_security
  • INSECURE_REMEMBER_ME_COOKIE remember_me_cookie
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • BLACKLIST_FOR_AUTHN auth_blacklist_med
  • BLACKLIST_FOR_AUTHN csrf_blacklist_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_low
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_attr_accessible_med
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_hi
  • DYNAMIC_OBJECT_ATTRIBUTES dangerous_permit_key_med
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_intent_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_navigation_whitelist
  • CONFIG.CORDOVA_PERMISSIVE_WHITELIST insecure_network_request_whitelist
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
1216 Lockout Mechanism Errors
1217 User Session Errors
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
1218 Memory Buffer Errors
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • ARRAY_VS_SINGLETON none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW pointer_deref_read
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
1219 File Handling Issues
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • PATH_MANIPULATION none
  • UNSAFE_JNI none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • PATH_MANIPULATION none
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • PATH_MANIPULATION none
  • PATH_MANIPULATION none
1220 Insufficient Granularity of Access Control
1221 Incorrect Register Defaults or Module Parameters
1222 Insufficient Granularity of Address Regions Protected by Register Locks
1223 Race Condition for Write-Once Attributes
1224 Improper Restriction of Write-Once Bit Fields
1225 Documentation Issues
1226 Complexity Issues
1227 Encapsulation Issues
1228 API / Function Errors
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • PRINTF_ARGS invalid_printf_format_string
  • SECURE_CODING none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • PRINTF_ARGS invalid_printf_format_string
  • SECURE_CODING none
  • DC.DANGEROUS none
  • DC.PREDICTABLE_KEY_PASSWORD none
  • DC.STREAM_BUFFER none
  • DC.STRING_BUFFER none
  • DC.WEAK_CRYPTO none
  • PRINTF_ARGS invalid_printf_format_string
  • SECURE_CODING none
1229 Creation of Emergent Resource
1230 Exposure of Sensitive Information Through Metadata
1231 Improper Implementation of Lock Protection Registers
1232 Improper Lock Behavior After Power State Transition
1233 Improper Hardware Lock Protection for Security Sensitive Controls
1234 Hardware Internal or Debug Modes Allow Override of Locks
1235 Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations
1236 Improper Neutralization of Formula Elements in a CSV File
1237 SFP Primary Cluster: Faulty Resource Release
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • USE_AFTER_FREE double_free
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • USE_AFTER_FREE double_free
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • USE_AFTER_FREE double_free
1238 SFP Primary Cluster: Failure to Release Memory
  • COM.ADDROF_LEAK none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
  • CTOR_DTOR_LEAK none
  • NO_EFFECT incomplete_delete
1239 Improper Zeroization of Hardware Register
1240 Use of a Risky Cryptographic Primitive
1241 Use of Predictable Algorithm in Random Number Generator
1242 Inclusion of Undocumented Features or Chicken Bits
1243 Sensitive Non-Volatile Information Not Protected During Debug
1244 Improper Access to Sensitive Information Using Debug and Test Interfaces
1245 Improper Finite State Machines (FSMs) in Hardware Logic
1246 Improper Write Handling in Limited-write Non-Volatile Memories
1247 Missing or Improperly Implemented Protection Against Voltage and Clock Glitches
1248 Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
1249 Application-Level Admin Tool with Inconsistent View of Underlying Operating System
1250 Improper Preservation of Consistency Between Independent Representations of Shared State
1251 Mirrored Regions with Different Values
1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
1253 Incorrect Selection of Fuse Values
1254 Incorrect Comparison Logic Granularity
1255 Comparison Logic is Vulnerable to Power Side-Channel Attacks
1256 Hardware Features Enable Physical Attacks from Software
1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
1258 Exposure of Sensitive System Information Due to Uncleared Debug Information
1259 Improper Restriction of Security Token Assignment
1260 Improper Handling of Overlap Between Protected Memory Ranges
1261 Improper Handling of Single Event Upsets
1262 Register Interface Allows Software Access to Sensitive Data or Security Settings
1263 Improper Physical Access Control
1264 Hardware Logic with Insecure De-Synchronization between Control and Data Channels
1265 Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
1266 Improper Scrubbing of Sensitive Data from Decommissioned Device
1267 Policy Uses Obsolete Encoding
1268 Policy Privileges are not Assigned Consistently Between Control and Data Agents
1269 Product Released in Non-Release Configuration
1270 Generation of Incorrect Security Tokens
1271 Uninitialized Value on Reset for Registers Holding Security Settings
1272 Sensitive Information Uncleared Before Debug/Power State Transition
1273 Device Unlock Credential Sharing
1274 Insufficient Protections on the Volatile Memory Containing Boot Code
1275 Sensitive Cookie with Improper SameSite Attribute
1276 Hardware Child Block Incorrectly Connected to Parent System
1277 Firmware Not Updateable
1278 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques
1279 Cryptographic Operations are run Before Supporting Units are Ready
1280 Access Control Check Implemented After Asset is Accessed
1281 Sequence of Processor Instructions Leads to Unexpected Behavior (Halt and Catch Fire)
1282 Assumed-Immutable Data is Stored in Writable Memory
1283 Mutable Attestation or Measurement Reporting Data
1284 Improper Validation of Specified Quantity in Input
1285 Improper Validation of Specified Index, Position, or Offset in Input
1286 Improper Validation of Syntactic Correctness of Input
1287 Improper Validation of Specified Type of Input
1288 Improper Validation of Consistency within Input
1289 Improper Validation of Unsafe Equivalence in Input
1290 Incorrect Decoding of Security Identifiers
1291 Public Key Re-Use for Signing both Debug and Production Code
1292 Incorrect Conversion of Security Identifiers
1293 Missing Source Correlation of Multiple Independent Data
1294 Insecure Security Identifier Mechanism
1295 Debug Messages Revealing Unnecessary Information
1296 Incorrect Chaining or Granularity of Debug Components
1297 Unprotected Confidential Information on Device is Accessible by OSAT Vendors
1298 Hardware Logic Contains Race Conditions
1299 Missing Protection Mechanism for Alternate Hardware Interface
1300 Improper Protection Against Physical Side Channels
1301 Insufficient or Incomplete Data Removal within Hardware Component
1302 Missing Security Identifier
1303 Non-Transparent Sharing of Microarchitectural Resources
1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
1305 CISQ Quality Measures (2020)
  • BAD_EQ referential
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_THROW none
  • NON_STATIC_GUARDING_STATIC none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FLOATING_POINT_EQUALITY none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER finalize
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DC.DEADLOCK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RU_INVOKE_RUN none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_BREAK none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • MISSING_THROW none
  • NON_STATIC_GUARDING_STATIC none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORM_LOAD_NULL_CHECK none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • UNREACHABLE none
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_BREAK none
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_COOKIE missing_httponly_low
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNREACHABLE none
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • UNREACHABLE none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • DEADCODE none
  • DEADCODE redundant_test
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • NULL_RETURNS none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNREACHABLE none
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1306 CISQ Quality Measures - Reliability
  • BAD_EQ referential
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • GUARDED_BY_VIOLATION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_THROW none
  • NON_STATIC_GUARDING_STATIC none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OVERFLOW_BEFORE_WIDEN none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FLOATING_POINT_EQUALITY none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BAD_CAST none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.CONVERSION_TO_POINTER_LOSES_BITS none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SLEEP none
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER finalize
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER none
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DC.DEADLOCK none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FB.BC_NULL_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DE_MIGHT_DROP none
  • FB.DE_MIGHT_IGNORE none
  • FB.EQ_ABSTRACT_SELF none
  • FB.EQ_ALWAYS_FALSE none
  • FB.EQ_ALWAYS_TRUE none
  • FB.EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS none
  • FB.EQ_COMPARETO_USE_OBJECT_EQUALS none
  • FB.EQ_COMPARING_CLASS_NAMES none
  • FB.EQ_DOESNT_OVERRIDE_EQUALS none
  • FB.EQ_DONT_DEFINE_EQUALS_FOR_ENUM none
  • FB.EQ_GETCLASS_AND_CLASS_CONSTANT none
  • FB.EQ_OTHER_NO_OBJECT none
  • FB.EQ_OTHER_USE_OBJECT none
  • FB.EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC none
  • FB.EQ_SELF_NO_OBJECT none
  • FB.EQ_SELF_USE_OBJECT none
  • FB.EQ_UNUSUAL none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.REC_CATCH_EXCEPTION none
  • FB.RU_INVOKE_RUN none
  • FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_BREAK none
  • MISSING_THROW none
  • NON_STATIC_GUARDING_STATIC none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORM_LOAD_NULL_CHECK none
  • OVERFLOW_BEFORE_WIDEN none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • USE_AFTER_FREE none
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FORWARD_NULL bad_null_value_use
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • BAD_CERT_VERIFICATION bad_revocation_check
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE comparator_misuse
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DELETE_VOID none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EVALUATION_ORDER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • INCOMPATIBLE_CAST endianness
  • INCOMPATIBLE_CAST float_vs_integral
  • INCOMPATIBLE_CAST none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_BREAK none
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS none
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • ORDER_REVERSAL none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • READLINK none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_INULL none
  • REVERSE_NEGATIVE critical_argument
  • REVERSE_NEGATIVE none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SIZECHECK none
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNCAUGHT_EXCEPT none
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • MISSING_BREAK none
  • NO_EFFECT self_assign
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL bad_null_value_use
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • FORWARD_NULL bad_null_value_use
  • NO_EFFECT self_assign
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SQLI sql_injection_dynamic_finder_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • UNEXPECTED_CONTROL_FLOW ignored_exception_to_optional
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER winston_exception_handling
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FORWARD_NULL bad_null_value_use
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • MISSING_BREAK none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • NULL_RETURNS none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • CONFIG.MISSING_CUSTOM_ERROR_PAGE none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LOCK_EVASION none
  • NULL_RETURNS none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
1307 CISQ Quality Measures - Maintainability
  • BAD_EQ_TYPES none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_BREAK none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • SIZEOF_MISMATCH missing_parentheses
  • UNREACHABLE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_BREAK none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • SIZEOF_MISMATCH missing_parentheses
  • UNREACHABLE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH none
  • FB.SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW none
  • FB.SF_SWITCH_FALLTHROUGH none
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_BREAK none
  • UNREACHABLE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_BREAK none
  • UNREACHABLE none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_BREAK none
  • NO_EFFECT extra_comma
  • NO_EFFECT no_effect_test
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • SIZEOF_MISMATCH missing_parentheses
  • UNREACHABLE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_BREAK none
  • UNREACHABLE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • MISSING_BREAK none
  • UNREACHABLE none
  • DEADCODE dead_case_in_switch
  • DEADCODE dead_default_in_switch
  • DEADCODE effectively_constant
  • DEADCODE none
  • DEADCODE redundant_test
  • IDENTICAL_BRANCHES case
  • IDENTICAL_BRANCHES chain
  • IDENTICAL_BRANCHES if
  • IDENTICAL_BRANCHES ternary
  • UNREACHABLE none
1308 CISQ Quality Measures - Security
  • BAD_EQ_TYPES none
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • NON_STATIC_GUARDING_STATIC none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • Y2K38_SAFETY declaration_with_small_time_t
  • Y2K38_SAFETY truncation_of_time_t
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN returns_error_info
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.ASSIGN_WHERE_COMPARE_MEANT none
  • PW.BRANCH_PAST_INITIALIZATION none
  • PW.DIVIDE_BY_ZERO none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.RETURN_PTR_TO_LOCAL_TEMP none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • PW.UNSIGNED_COMPARE_WITH_NEGATIVE none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ATOMICITY none
  • CHECKED_RETURN none
  • CHECKED_RETURN unchecked_arg
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DISTRUSTED_DATA_DESERIALIZATION none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • GUARDED_BY_VIOLATION none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INSUFFICIENT_LOGGING logging_obligation
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • LOCK_INVERSION none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SLEEP none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ATOMICITY none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • BAD_LOCK_OBJECT boxed_lock
  • BAD_LOCK_OBJECT interned_string_lock
  • BAD_LOCK_OBJECT none
  • BAD_LOCK_OBJECT single_thread_lock
  • BAD_LOCK_OBJECT unsafe_assign_to_locked_field
  • CALL_SUPER finalize
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN user_required
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.UNSAFE_SESSION_TIMEOUT none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • DC.DEADLOCK none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • EL_INJECTION none
  • FB.BC_IMPOSSIBLE_CAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST none
  • FB.BC_IMPOSSIBLE_DOWNCAST_OF_TOARRAY none
  • FB.BC_IMPOSSIBLE_INSTANCEOF none
  • FB.BC_VACUOUS_INSTANCEOF none
  • FB.BX_BOXING_IMMEDIATELY_UNBOXED_TO_PERFORM_COERCION none
  • FB.DC_DOUBLECHECK none
  • FB.DC_PARTIALLY_CONSTRUCTED none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.ES_COMPARING_PARAMETER_STRING_WITH_EQ none
  • FB.ES_COMPARING_STRINGS_WITH_EQ none
  • FB.ICAST_BAD_SHIFT_AMOUNT none
  • FB.ICAST_IDIV_CAST_TO_DOUBLE none
  • FB.ICAST_INTEGER_MULTIPLY_CAST_TO_LONG none
  • FB.ICAST_INT_2_LONG_AS_INSTANT none
  • FB.ICAST_INT_CAST_TO_DOUBLE_PASSED_TO_CEIL none
  • FB.ICAST_INT_CAST_TO_FLOAT_PASSED_TO_ROUND none
  • FB.ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT none
  • FB.LI_LAZY_INIT_STATIC none
  • FB.LI_LAZY_INIT_UPDATE_STATIC none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.QBA_QUESTIONABLE_BOOLEAN_ASSIGNMENT none
  • FB.RU_INVOKE_RUN none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • GUARDED_BY_VIOLATION none
  • GUARDED_BY_VIOLATION unlocked_read
  • GUARDED_BY_VIOLATION unlocked_write
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • LOCK_INVERSION none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NON_STATIC_GUARDING_STATIC none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SERVLET_ATOMICITY attribute_init_race
  • SERVLET_ATOMICITY none
  • SERVLET_ATOMICITY violation_on_session_object
  • SINGLETON_RACE none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • USE_AFTER_FREE none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • BAD_CERT_VERIFICATION bad_revocation_check
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ALLOC_FREE_MISMATCH none
  • ARRAY_VS_SINGLETON none
  • ATOMICITY none
  • BAD_ALLOC_ARITHMETIC none
  • BAD_ALLOC_STRLEN none
  • BAD_COMPARE misuse_of_not
  • BAD_COMPARE string_lit_comparison
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • BAD_SIZEOF none
  • BAD_SIZEOF sizeof_ptr_expr
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CHAR_IO none
  • CHECKED_RETURN library_function
  • CHECKED_RETURN none
  • CHECKED_RETURN short_read
  • CHECKED_RETURN unchecked_arg
  • CHECKED_RETURN user_required
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • LOCK double_lock
  • LOCK missing_unlock
  • LOCK none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA_CAST bitwise_op_bad_cast
  • MISRA_CAST bitwise_op_no_cast
  • MISRA_CAST float_complex_conversion
  • MISRA_CAST float_narrowing_conversion
  • MISRA_CAST float_non_constant_arg_conversion
  • MISRA_CAST float_non_constant_conversion
  • MISRA_CAST float_non_constant_rtn_conversion
  • MISRA_CAST float_to_integer_cast
  • MISRA_CAST float_to_integer_conversion
  • MISRA_CAST float_widening_cast
  • MISRA_CAST integer_complex_conversion
  • MISRA_CAST integer_narrowing_conversion
  • MISRA_CAST integer_non_constant_arg_conversion
  • MISRA_CAST integer_non_constant_conversion
  • MISRA_CAST integer_non_constant_rtn_conversion
  • MISRA_CAST integer_signedness_changing_cast
  • MISRA_CAST integer_signedness_changing_conversion
  • MISRA_CAST integer_to_float_cast
  • MISRA_CAST integer_to_float_conversion
  • MISRA_CAST integer_widening_cast
  • MISRA_CAST none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • MISSING_LOCK none
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT bad_memset_fill_value
  • NO_EFFECT bad_memset_truncated_fill
  • NO_EFFECT bad_memset_zero_size
  • NO_EFFECT extra_comma
  • NO_EFFECT incomplete_delete
  • NO_EFFECT no_effect_test
  • NO_EFFECT self_assign
  • NO_EFFECT unsigned_compare
  • NO_EFFECT unsigned_compare_macros
  • NO_EFFECT unsigned_enums
  • ORDER_REVERSAL none
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • RETURN_LOCAL escape_local_addr_to_fields_or_globals
  • RETURN_LOCAL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SIGN_EXTENSION none
  • SIZECHECK ampersand_in_size
  • SIZECHECK improper_new
  • SIZECHECK incorrect_multiplication
  • SIZECHECK likely_overflow
  • SIZECHECK none
  • SIZEOF_MISMATCH missing_parentheses
  • SIZEOF_MISMATCH sizeof_punning
  • SLEEP none
  • SQLI none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • UNINIT array_index_read
  • UNINIT array_index_write
  • UNINIT none
  • UNINIT pointer_deref_read
  • UNINIT pointer_deref_write
  • UNINIT_CTOR none
  • UNINIT_CTOR pointer
  • URL_MANIPULATION none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_close
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • USE_AFTER_FREE use_after_close
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • DIVIDE_BY_ZERO divide_by_zero_low
  • DIVIDE_BY_ZERO divide_by_zero_med
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • NO_EFFECT self_assign
  • OVERFLOW_BEFORE_WIDEN none
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.JSONWEBTOKEN_NON_EXPIRING_TOKEN jwt_non_expiring_token
  • CONFIG.UNSAFE_SESSION_TIMEOUT client_sessions_unsafe_session_timeout
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_mongo_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT connect_redis_session_timeout_too_long
  • CONFIG.UNSAFE_SESSION_TIMEOUT google_cloud_connect_datastore_unsafe_session_timeout
  • CONSTANT_EXPRESSION_RESULT logical_vs_bitwise
  • CONSTANT_EXPRESSION_RESULT missing_parentheses
  • CONSTANT_EXPRESSION_RESULT operator_confusion
  • CONSTANT_EXPRESSION_RESULT unnecessary_op_assign
  • CORS_MISCONFIGURATION_AUDIT cors_preflight_age_too_long
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_max_age
  • INSECURE_ACL insecure_acl
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSUFFICIENT_LOGGING logging_obligation
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_aws
  • INSUFFICIENT_PRESIGNED_URL_TIMEOUT insufficient_presigned_url_timeout_google
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_exipration
  • JSONWEBTOKEN_IGNORED_EXPIRATION_TIME jwt_not_before
  • LOCALSTORAGE_MANIPULATION none
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • NO_EFFECT self_assign
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPORARY_CREDENTIALS_DURATION temporary_credentials_duration
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • DIVIDE_BY_ZERO float_divisor
  • DIVIDE_BY_ZERO none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INFINITE_LOOP no_escape
  • INFINITE_LOOP none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOCK_EVASION none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNLOGGED_SECURITY_EXCEPTION unlogged_security_exception
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
1309 CISQ Quality Measures - Efficiency
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC leak
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • BAD_CERT_VERIFICATION bad_revocation_check
  • CALL_SUPER finalize
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • BAD_CERT_VERIFICATION bad_revocation_check
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • ALLOC_FREE_MISMATCH none
  • BAD_FREE address
  • BAD_FREE alloca
  • BAD_FREE array
  • BAD_FREE first_field_address
  • BAD_FREE function_pointer
  • BAD_FREE none
  • CTOR_DTOR_LEAK none
  • DELETE_ARRAY non_array_delete
  • DELETE_ARRAY none
  • DELETE_ARRAY object
  • DELETE_ARRAY scalar
  • NO_EFFECT incomplete_delete
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK fds_handles
  • RESOURCE_LEAK none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • RESOURCE_LEAK channel
  • RESOURCE_LEAK database
  • RESOURCE_LEAK exceptional_path
  • RESOURCE_LEAK none
  • RESOURCE_LEAK socket
  • RESOURCE_LEAK stream
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
1350 Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.ASPNET_VERSION_HEADER none
  • CONFIG.CONNECTION_STRING_PASSWORD none
  • CONFIG.COOKIES_MISSING_HTTPONLY none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.ENABLED_DEBUG_MODE none
  • CONFIG.ENABLED_TRACE_MODE none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COOKIE dotnet
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • COM.ADDROF_LEAK none
  • COM.BAD_FREE none
  • COM.BSTR.ALLOC double_free
  • COM.BSTR.ALLOC free_uninit
  • COM.BSTR.ALLOC leak
  • COM.BSTR.ALLOC none
  • COM.BSTR.ALLOC use_after_free
  • COM.BSTR.ALLOC use_uninit
  • COM.BSTR.CONV none
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • AUTOSAR C++14 A15-3-3 none
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISRA C++-2008 Rule 15-3-2 none
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • PW.INTEGER_OVERFLOW none
  • PW.INTEGER_TOO_LARGE none
  • PW.NON_CONST_PRINTF_FORMAT_STRING none
  • PW.SHIFT_COUNT_TOO_LARGE none
  • READLINK none
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • DISTRUSTED_DATA_DESERIALIZATION none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • URL_MANIPULATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • CONFIG.DWR_DEBUG_MODE none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.JAVAEE_MISSING_HTTPONLY none
  • CONFIG.JAVAEE_MISSING_SERVLET_MAPPING javaee
  • CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT none
  • CONFIG.MYBATIS_MAPPER_SQLI none
  • CONFIG.SPRING_BOOT_SENSITIVE_LOGGING spring_boot_logging
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_certificate_validation_skipped
  • CONFIG.SPRING_BOOT_SSL_DISABLED spring_boot_ssl_disabled
  • CONFIG.SPRING_SECURITY_CSRF_PROTECTION_DISABLED spring_security
  • CONFIG.SPRING_SECURITY_DEBUG_MODE spring_debug_mode_enabled
  • CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER deprecated_xss_header
  • CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS none
  • CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID session_id_in_url
  • CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS none
  • CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP spring_security_login_over_http
  • CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION none
  • CONFIG.SPRING_SECURITY_SESSION_FIXATION spring_security_source_code
  • CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER authentication_filter
  • CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH weak_encoding_for_password
  • CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN none
  • CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION none
  • CONFIG.STRUTS2_ENABLED_DEV_MODE none
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • DISABLED_ENCRYPTION text_encryptor
  • EL_INJECTION none
  • EXPOSED_PREFERENCES none
  • FB.BC_NULL_INSTANCEOF none
  • FB.DMI_CONSTANT_DB_PASSWORD none
  • FB.DMI_EMPTY_DB_PASSWORD none
  • FB.HRS_REQUEST_PARAMETER_TO_COOKIE none
  • FB.HRS_REQUEST_PARAMETER_TO_HTTP_HEADER none
  • FB.NP_ALWAYS_NULL none
  • FB.NP_ALWAYS_NULL_EXCEPTION none
  • FB.NP_ARGUMENT_MIGHT_BE_NULL none
  • FB.NP_BOOLEAN_RETURN_NULL none
  • FB.NP_CLONE_COULD_RETURN_NULL none
  • FB.NP_CLOSING_NULL none
  • FB.NP_DEREFERENCE_OF_READLINE_VALUE none
  • FB.NP_DOES_NOT_HANDLE_NULL none
  • FB.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT none
  • FB.NP_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_GUARANTEED_DEREF none
  • FB.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH none
  • FB.NP_IMMEDIATE_DEREFERENCE_OF_READLINE none
  • FB.NP_LOAD_OF_KNOWN_NULL_VALUE none
  • FB.NP_METHOD_PARAMETER_RELAXING_ANNOTATION none
  • FB.NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION none
  • FB.NP_METHOD_RETURN_RELAXING_ANNOTATION none
  • FB.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR none
  • FB.NP_NONNULL_PARAM_VIOLATION none
  • FB.NP_NONNULL_RETURN_VIOLATION none
  • FB.NP_NULL_INSTANCEOF none
  • FB.NP_NULL_ON_SOME_PATH none
  • FB.NP_NULL_ON_SOME_PATH_EXCEPTION none
  • FB.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE none
  • FB.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE none
  • FB.NP_NULL_PARAM_DEREF none
  • FB.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS none
  • FB.NP_NULL_PARAM_DEREF_NONVIRTUAL none
  • FB.NP_OPTIONAL_RETURN_NULL none
  • FB.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE none
  • FB.NP_STORE_INTO_NONNULL_FIELD none
  • FB.NP_TOSTRING_COULD_RETURN_NULL none
  • FB.NP_UNWRITTEN_FIELD none
  • FB.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD none
  • FB.PT_ABSOLUTE_PATH_TRAVERSAL none
  • FB.PT_RELATIVE_PATH_TRAVERSAL none
  • FB.RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE none
  • FB.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE none
  • FB.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE none
  • FB.SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING none
  • FB.XSS_REQUEST_PARAMETER_TO_JSP_WRITER none
  • FB.XSS_REQUEST_PARAMETER_TO_SEND_ERROR none
  • FB.XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL needs_null_check
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION insecure_communication
  • INSECURE_COMMUNICATION none
  • INSECURE_COMMUNICATION unencrypted_connection
  • INVALIDATE_ITERATOR map_put
  • INVALIDATE_ITERATOR none
  • JAVA_CODE_INJECTION none
  • JCR_INJECTION none
  • JSP_DYNAMIC_INCLUDE none
  • JSP_SQL_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • MISSING_HEADER_VALIDATION missing_header_validation
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OGNL_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSION_FIXATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNKNOWN_LANGUAGE_INJECTION none
  • UNLIMITED_CONCURRENT_SESSIONS unlimited_concurrent_sessions
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_JNI none
  • UNSAFE_NAMED_QUERY none
  • UNSAFE_REFLECTION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • VERBOSE_ERROR_REPORTING exception_information
  • VERBOSE_ERROR_REPORTING stack_trace
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ANDROID_DEBUG_MODE none
  • CONFIG.ANDROID_BACKUPS_ALLOWED android
  • EXPOSED_PREFERENCES none
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HEADER_INJECTION none
  • INSECURE_COMMUNICATION none
  • OS_CMD_INJECTION command_as_array_of_args
  • OS_CMD_INJECTION command_as_one_string
  • PATH_MANIPULATION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_clipboard
  • SENSITIVE_DATA_LEAK cleartext_storage_in_content_provider
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_intent
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_database_write
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_access
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_read
  • UNRESTRICTED_ACCESS_TO_FILE unrestricted_file_write
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION bad_content_uri
  • URL_MANIPULATION bad_intent_uri
  • URL_MANIPULATION bad_web_uri
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • ARRAY_VS_SINGLETON none
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK nested_memory_access
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK sensitive_data_comparison
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_execution_data_leak
  • AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK speculative_uninitialized_use
  • BAD_ALLOC_ARITHMETIC none
  • BUFFER_SIZE fixed_size_dest
  • BUFFER_SIZE likely_overflow
  • BUFFER_SIZE no_null_terminator
  • BUFFER_SIZE no_null_terminator_warn
  • BUFFER_SIZE none
  • BUFFER_SIZE overflow
  • BUFFER_SIZE overlapping_buffer
  • CTOR_DTOR_LEAK none
  • FORMAT_STRING_INJECTION none
  • FORMAT_STRING_INJECTION paranoid
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • INCOMPATIBLE_CAST overrun
  • INTEGER_OVERFLOW array_index_read
  • INTEGER_OVERFLOW array_index_write
  • INTEGER_OVERFLOW const_overflow
  • INTEGER_OVERFLOW critical_argument
  • INTEGER_OVERFLOW none
  • INTEGER_OVERFLOW pointer_deref_read
  • INTEGER_OVERFLOW pointer_deref_write
  • INTEGER_OVERFLOW return_value_error
  • INVALIDATE_ITERATOR none
  • MISMATCHED_ITERATOR none
  • MISMATCHED_ITERATOR splice_iterator_mismatch
  • MISSING_ASSIGN none
  • MISSING_ASSIGN uncalled
  • MISSING_COPY none
  • MISSING_COPY uncalled
  • NEGATIVE_RETURNS array_index_read
  • NEGATIVE_RETURNS array_index_write
  • NEGATIVE_RETURNS loop_bound
  • NO_EFFECT incomplete_delete
  • NULL_RETURNS none
  • NULL_RETURNS unimpl
  • OS_CMD_INJECTION none
  • OVERFLOW_BEFORE_WIDEN none
  • OVERRUN illegal_address
  • OVERRUN none
  • OVERRUN read
  • OVERRUN strlen
  • OVERRUN write
  • PATH_MANIPULATION none
  • READLINK none
  • RESOURCE_LEAK fds_handles
  • REVERSE_INULL none
  • REVERSE_NEGATIVE array_index_read
  • REVERSE_NEGATIVE array_index_write
  • REVERSE_NEGATIVE critical_argument
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SIZECHECK likely_overflow
  • SIZECHECK no_null_terminator
  • SQLI none
  • STACK_USE none
  • STRING_NULL none
  • STRING_OVERFLOW fixed_size_dest
  • STRING_OVERFLOW likely_overflow
  • STRING_OVERFLOW none
  • STRING_SIZE none
  • TAINTED_SCALAR allocation
  • TAINTED_SCALAR array_index_read
  • TAINTED_SCALAR array_index_write
  • TAINTED_SCALAR critical_argument
  • TAINTED_SCALAR divisor
  • TAINTED_SCALAR loop_bound
  • TAINTED_SCALAR none
  • TAINTED_SCALAR pointer_deref_read
  • TAINTED_SCALAR pointer_deref_write
  • TAINTED_STRING none
  • UNCAUGHT_EXCEPT none
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • URL_MANIPULATION none
  • USER_POINTER none
  • USE_AFTER_FREE deref_read_after_free
  • USE_AFTER_FREE deref_write_after_free
  • USE_AFTER_FREE double_free
  • USE_AFTER_FREE none
  • VIRTUAL_DTOR empty_dtor
  • VIRTUAL_DTOR none
  • WEAK_GUARD dns
  • WEAK_GUARD dns_sensitive_op
  • WEAK_GUARD http_referer
  • WEAK_GUARD http_referer_sensitive_op
  • WEAK_GUARD ip_address
  • WEAK_GUARD ip_address_sensitive_op
  • WEAK_GUARD none
  • WEAK_GUARD os_login
  • WEAK_GUARD os_login_sensitive_op
  • WEAK_GUARD principal_name
  • WEAK_GUARD principal_name_sensitive_op
  • WRAPPER_ESCAPE COM_deref_read_after_free
  • WRAPPER_ESCAPE COM_deref_write_after_free
  • WRAPPER_ESCAPE COM_use_after_free
  • WRAPPER_ESCAPE deref_read_after_free
  • WRAPPER_ESCAPE deref_write_after_free
  • WRAPPER_ESCAPE none
  • XPATH_INJECTION none
  • CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SYMFONY_EL_INJECTION none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_REFLECTION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • CSRF database_update
  • CSRF none
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • MISSING_AUTHZ none
  • NOSQL_QUERY_INJECTION none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNSAFE_DESERIALIZATION none
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • COOKIE_SERIALIZER_CONFIG unsafe_cookie_serialization_med
  • CSRF csrf_not_protected_by_raising_exception_med
  • CSRF csrf_protection_disabled_hi
  • CSRF csrf_protection_missing_hi
  • CSRF cve_2011_0447_hi
  • DYNAMIC_OBJECT_ATTRIBUTES cve_2013_0276_hi
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS secret_in_source_med
  • INSECURE_COOKIE missing_httponly_low
  • INSECURE_DIRECT_OBJECT_REFERENCE unscoped_find_low
  • OPEN_REDIRECT open_redirect_hi
  • OPEN_REDIRECT open_redirect_low
  • OS_CMD_INJECTION command_injection_hi
  • OS_CMD_INJECTION command_injection_med
  • PATH_MANIPULATION dynamic_render_path_hi
  • PATH_MANIPULATION dynamic_render_path_low
  • PATH_MANIPULATION dynamic_render_path_med
  • PATH_MANIPULATION dynamic_render_path_rce_hi
  • PATH_MANIPULATION file_access_hi
  • PATH_MANIPULATION file_access_low
  • PATH_MANIPULATION file_access_med
  • RAILS_DEFAULT_ROUTES all_default_routes_hi
  • RAILS_DEFAULT_ROUTES controller_default_routes_med
  • RAILS_DEFAULT_ROUTES cve_2014_0130_hi
  • RAILS_DEFAULT_ROUTES cve_2014_0130_med
  • RAILS_DEVISE_CONFIG devise_lock_strategy_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_low
  • RAILS_DEVISE_CONFIG devise_password_length_max_med
  • RAILS_DEVISE_CONFIG devise_password_length_min_low
  • RAILS_DEVISE_CONFIG devise_password_length_min_med
  • RAILS_DEVISE_CONFIG devise_reset_timeout_hi
  • RAILS_MISSING_FILTER_ACTION missing_action_filter_low
  • REGEX_INJECTION regex_dos_hi
  • REGEX_INJECTION regex_dos_low
  • REGEX_INJECTION regex_dos_med
  • RESOURCE_LEAK unsafe_symbol_creation_low
  • REVERSE_INULL none
  • REVERSE_TABNABBING reverse_tabnabbing_low
  • RUBY_VULNERABLE_LIBRARY cve_2010_3933_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2929_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2930_med
  • RUBY_VULNERABLE_LIBRARY cve_2011_2931_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_2932_hi
  • RUBY_VULNERABLE_LIBRARY cve_2011_3186_med
  • RUBY_VULNERABLE_LIBRARY cve_2012_2660_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2661_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_2695_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3424_low
  • RUBY_VULNERABLE_LIBRARY cve_2012_3463_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_3465_hi
  • RUBY_VULNERABLE_LIBRARY cve_2012_5664_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0155_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0156_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_low
  • RUBY_VULNERABLE_LIBRARY cve_2013_0269_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_0277_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_0333_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1854_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_1855_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_1857_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_4491_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6414_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2013_6416_med
  • RUBY_VULNERABLE_LIBRARY cve_2013_6417_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0080_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_0081_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_0082_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3482_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3483_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_hi
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_low
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_call_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_3514_med
  • RUBY_VULNERABLE_LIBRARY cve_2014_7829_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_3226_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_3227_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7576_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7577_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7578_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7579_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_hi
  • RUBY_VULNERABLE_LIBRARY cve_2015_7580_med
  • RUBY_VULNERABLE_LIBRARY cve_2015_7581_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_0751_med
  • RUBY_VULNERABLE_LIBRARY cve_2016_6317_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3741_med
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_3760_low
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_hi
  • RUBY_VULNERABLE_LIBRARY cve_2018_8048_med
  • RUBY_VULNERABLE_LIBRARY safe_buffer_vuln_med
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_low
  • RUBY_VULNERABLE_LIBRARY select_options_vuln_med
  • RUBY_VULNERABLE_LIBRARY translate_vuln_hi
  • RUBY_VULNERABLE_LIBRARY translate_vuln_med
  • SCRIPT_CODE_INJECTION code_eval_hi
  • SCRIPT_CODE_INJECTION code_eval_low
  • SENSITIVE_DATA_LEAK detailed_exceptions_hi
  • SENSITIVE_DATA_LEAK detailed_exceptions_med
  • SENSITIVE_DATA_LEAK local_request_config_hi
  • SQLI sql_injection_calculate_hi
  • SQLI sql_injection_calculate_low
  • SQLI sql_injection_calculate_med
  • SQLI sql_injection_connection_hi
  • SQLI sql_injection_connection_low
  • SQLI sql_injection_connection_med
  • SQLI sql_injection_delete_hi
  • SQLI sql_injection_delete_low
  • SQLI sql_injection_delete_med
  • SQLI sql_injection_dynamic_finder_med
  • SQLI sql_injection_exists_hi
  • SQLI sql_injection_find_by_hi
  • SQLI sql_injection_find_hi
  • SQLI sql_injection_find_low
  • SQLI sql_injection_find_med
  • SQLI sql_injection_from_hi
  • SQLI sql_injection_from_low
  • SQLI sql_injection_from_med
  • SQLI sql_injection_group_low
  • SQLI sql_injection_group_med
  • SQLI sql_injection_having_low
  • SQLI sql_injection_having_med
  • SQLI sql_injection_hi
  • SQLI sql_injection_interp_hi
  • SQLI sql_injection_interp_low
  • SQLI sql_injection_interp_med
  • SQLI sql_injection_joins_hi
  • SQLI sql_injection_joins_low
  • SQLI sql_injection_joins_med
  • SQLI sql_injection_limit_offset_hi
  • SQLI sql_injection_limit_offset_low
  • SQLI sql_injection_low
  • SQLI sql_injection_med
  • SQLI sql_injection_not_low
  • SQLI sql_injection_order_hi
  • SQLI sql_injection_order_low
  • SQLI sql_injection_order_med
  • SQLI sql_injection_pluck_hi
  • SQLI sql_injection_pluck_low
  • SQLI sql_injection_pluck_med
  • SQLI sql_injection_reorder_hi
  • SQLI sql_injection_reorder_low
  • SQLI sql_injection_reorder_med
  • SQLI sql_injection_select_hi
  • SQLI sql_injection_select_med
  • SQLI sql_injection_where_hi
  • SQLI sql_injection_where_low
  • SQLI sql_injection_where_med
  • STRICT_TRANSPORT_SECURITY force_ssl_disabled_med
  • UNESCAPED_HTML unescaped_output_low
  • UNSAFE_BASIC_AUTH basic_auth_password_hi
  • UNSAFE_BASIC_AUTH basic_auth_timing_attack_low
  • UNSAFE_BASIC_AUTH basic_auth_usage_low
  • UNSAFE_DESERIALIZATION unsafe_deserialize_hi
  • UNSAFE_DESERIALIZATION unsafe_deserialize_med
  • UNSAFE_REFLECTION dangerous_send_hi
  • UNSAFE_REFLECTION unsafe_constantize_hi
  • UNSAFE_REFLECTION unsafe_constantize_med
  • UNSAFE_SESSION_SETTING http_cookies_hi
  • UNSAFE_SESSION_SETTING session_secret_hi
  • XSS cross_site_scripting_hi
  • XSS cross_site_scripting_inline_hi
  • XSS cross_site_scripting_inline_med
  • XSS cross_site_scripting_low
  • XSS cross_site_scripting_med
  • XSS cve_2011_0446_hi
  • XSS cve_2012_3464_med
  • XSS cve_2016_6316_hi
  • XSS cve_2016_6316_med
  • XSS unquoted_attribute_hi
  • XSS unquoted_attribute_low
  • XSS unquoted_attribute_med
  • XSS xss_content_tag_hi
  • XSS xss_content_tag_med
  • XSS xss_link_to_hi
  • XSS xss_link_to_href_hi
  • XSS xss_link_to_href_low
  • XSS xss_link_to_med
  • XSS xss_to_json_hi
  • XSS xss_to_json_med
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • OVERFLOW_BEFORE_WIDEN none
  • REVERSE_INULL none
  • CONFIG.ATS_INSECURE none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL none
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • INSECURE_COMMUNICATION none
  • INSECURE_MULTIPEER_CONNECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_cookie
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_database
  • UNENCRYPTED_SENSITIVE_DATA cleartext_in_file
  • UNENCRYPTED_SENSITIVE_DATA cleartext_transmission
  • WEAK_BIOMETRIC_AUTH none
  • XML_EXTERNAL_ENTITY external_entities
  • XPATH_INJECTION none
  • ANGULAR_BYPASS_SECURITY none
  • ANGULAR_ELEMENT_REFERENCE none
  • ANGULAR_EXPRESSION_INJECTION none
  • ANGULAR_SCE_DISABLED angular_sce_disabled
  • AWS_SSL_DISABLED aws_ssl_disabled
  • AWS_VALIDATION_DISABLED aws_credentials_validation
  • AWS_VALIDATION_DISABLED aws_parameters_validation
  • BAD_CERT_VERIFICATION bad_cert_verification
  • BAD_CERT_VERIFICATION certificate_validation_disabled
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_fields
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_file_path
  • BUSBOY_MISCONFIGURATION busboy_misconfiguration_of_filesize
  • CONFIG.COOKIE_SIGNING_DISABLED cookie_session_signing_disabled
  • CONFIG.CORDOVA_EXCESSIVE_LOGGING cordova
  • CONFIG.CSURF_IGNORE_METHODS csurf_ignore_methods
  • CONFIG.ENABLED_DEBUG_MODE debug_mode_enabled
  • CONFIG.HANA_XS_PREVENT_XSRF_DISABLED none
  • CONFIG.HARDCODED_CREDENTIALS_AUDIT hardcoded_credentials_audit
  • CONFIG.HARDCODED_TOKEN hardcoded_token_configuration
  • CONFIG.MYSQL_SSL_VERIFY_DISABLED mysql_ssl_verify_disabled
  • CONFIG.SEQUELIZE_ENABLED_LOGGING sequelize_logging_enabled
  • CONFIG.SEQUELIZE_INSECURE_CONNECTION sequelize_insecure_connection
  • CONFIG.SOCKETIO_MAXHTTPBUFFERSIZE_SET_TOO_LARGE socketio_max_buffer_size
  • CONFIG.SOCKETIO_ORIGINS_ACCEPT_ALL socketio_all_origins
  • CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS vuerouter_exposed_params
  • COOKIE_INJECTION none
  • CORS_MISCONFIGURATION cors_configured_globally
  • CORS_MISCONFIGURATION cors_origin_string
  • CORS_MISCONFIGURATION cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION cors_without_credentials_permissive_origin
  • CORS_MISCONFIGURATION_AUDIT cors_expose_sensitive_header
  • CORS_MISCONFIGURATION_AUDIT cors_headers_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_methods_allowed
  • CORS_MISCONFIGURATION_AUDIT cors_origin_string
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_all_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_null_origin
  • CORS_MISCONFIGURATION_AUDIT cors_with_credentials_subdomain_origin
  • CORS_MISCONFIGURATION_AUDIT cors_without_credentials_permissive_origin
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_cookie_name
  • CSRF_MISCONFIGURATION_HAPI_CRUMB hapi_crumb_no_validation
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insecure_cookie
  • CSRF_MISCONFIGURATION_HAPI_CRUMB insufficient_token_entropy
  • CSS_INJECTION none
  • DNS_PREFETCHING helmet_dns_prefetching
  • DOM_XSS none
  • EXPRESS_SESSION_UNSAFE_MEMORYSTORE express_session_unsafe_memorystore
  • EXPRESS_WINSTON_SENSITIVE_LOGGING error_logger
  • EXPRESS_WINSTON_SENSITIVE_LOGGING meta_data
  • EXPRESS_WINSTON_SENSITIVE_LOGGING request_logger
  • EXPRESS_X_POWERED_BY_ENABLED x_powered_by_http_header
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_fields
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_file_path
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_filesize
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_safe_file_names
  • FILE_UPLOAD_MISCONFIGURATION file_upload_misconfiguration_of_use_temp_files
  • FORWARD_NULL bad_null_value_use
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_report_uri
  • HPKP_MISCONFIGURATION hpkp_misconfiguration_of_set_if
  • INSECURE_ACL insecure_acl
  • INSECURE_COMMUNICATION insecure_connection
  • INSECURE_COOKIE client_sessions_express_session
  • INSECURE_COOKIE hapi_server_session
  • INSECURE_REFERRER_POLICY insecure_referrer_policy
  • LOCALSTORAGE_MANIPULATION none
  • MISSING_AUTHZ none
  • MULTER_MISCONFIGURATION multer_applied_globally
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_count
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_file_path
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_limits
  • MULTER_MISCONFIGURATION multer_misconfiguration_of_storage
  • NOSQL_QUERY_INJECTION none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REACT_DANGEROUS_INNERHTML react_set_unsafe_html
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • REVERSE_TABNABBING react_target_blank
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SESSIONSTORAGE_MANIPULATION none
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • TAINTED_ENVIRONMENT_WITH_EXECUTION none
  • TEMPLATE_INJECTION none
  • UNLESS_CASE_SENSITIVE_ROUTE_MATCHING express_unless_case_sensitive_route_matching
  • UNSAFE_BUFFER_METHOD unsafe_buffer_method
  • UNSAFE_DESERIALIZATION none
  • URL_MANIPULATION none
  • VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE vue_unsafe_vhtml_directive
  • WEAK_URL_SANITIZATION hostname_regular_expression
  • WEAK_URL_SANITIZATION regular_expression_anchor
  • WEAK_URL_SANITIZATION url_substring
  • XML_EXTERNAL_ENTITY external_entities
  • XSS none
  • ASPNET_MVC_VERSION_HEADER none
  • CONFIG.DYNAMIC_DATA_HTML_COMMENT none
  • CSRF database_update
  • CSRF filesystem_modification
  • CSRF none
  • FORWARD_NULL deref_constant_null
  • FORWARD_NULL deref_constant_zero
  • FORWARD_NULL dynamic_cast
  • FORWARD_NULL none
  • FORWARD_NULL null_from_as
  • FORWARD_NULL throws_on_null
  • HARDCODED_CREDENTIALS hardcoded_credential_connection_string
  • HARDCODED_CREDENTIALS hardcoded_credential_crypto
  • HARDCODED_CREDENTIALS hardcoded_credential_passwd
  • HARDCODED_CREDENTIALS hardcoded_credential_token
  • HARDCODED_CREDENTIALS none
  • HARDCODED_CREDENTIALS uri
  • HEADER_INJECTION none
  • LDAP_INJECTION none
  • LDAP_NOT_CONSTANT none
  • LOG_INJECTION none
  • MISSING_AUTHZ none
  • NULL_RETURNS none
  • OPEN_REDIRECT none
  • OS_CMD_INJECTION command_argument
  • OS_CMD_INJECTION executable_file
  • OS_CMD_INJECTION none
  • PATH_MANIPULATION none
  • REGEX_INJECTION none
  • REVERSE_INULL none
  • SCRIPT_CODE_INJECTION none
  • SENSITIVE_DATA_LEAK cleartext_exception_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_cookie
  • SENSITIVE_DATA_LEAK cleartext_storage_in_database
  • SENSITIVE_DATA_LEAK cleartext_storage_in_file
  • SENSITIVE_DATA_LEAK cleartext_storage_in_gui
  • SENSITIVE_DATA_LEAK cleartext_storage_in_log
  • SENSITIVE_DATA_LEAK cleartext_storage_in_registry
  • SENSITIVE_DATA_LEAK cleartext_transmission
  • SQLI none
  • SQLI nosink
  • SQLI sink
  • SQL_NOT_CONSTANT concat
  • SQL_NOT_CONSTANT sink
  • UNRESTRICTED_DISPATCH none
  • UNSAFE_DESERIALIZATION none
  • UNSAFE_NAMED_QUERY none
  • XML_EXTERNAL_ENTITY external_entities
  • XML_EXTERNAL_ENTITY unrestricted_dtds
  • XML_INJECTION none
  • XPATH_INJECTION none
  • XSS none
  • XSS stored_xss
2000 Comprehensive CWE Dictionary
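language | count of Taxa | Taxa
(Taxa are CWE IDs. In the rows below, the three columns are run together with no separator: the count is fused to the language name and to the first ID, so `scala10217,18,…` reads as language scala, count 102, IDs 17, 18, ….)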
c#4292,4,5,10,11,12,13,16,17,18,19,20,21,22,23,36,73,74,77,78,79,80,82,83,85,86,87,88,89,90,91,94,95,116,117,137,138,140,141,142,143,146,149,150,157,171,189,190,199,200,201,209,210,211,215,221,223,226,227,249,254,255,256,257,259,260,264,265,275,284,285,287,300,306,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,338,344,345,352,355,359,361,362,366,369,371,380,381,388,389,390,398,399,402,403,404,405,409,411,435,436,438,442,452,459,465,470,476,480,483,485,497,502,505,519,522,523,532,536,538,539,540,543,550,552,557,559,561,563,566,567,569,570,573,595,601,610,611,614,615,628,629,632,633,634,635,639,642,643,657,662,664,667,668,669,670,671,674,682,683,691,692,693,697,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,732,734,736,737,738,739,741,742,743,744,745,746,747,748,750,751,752,753,755,756,759,760,776,778,783,798,800,801,802,803,808,809,810,811,812,813,814,815,816,817,818,819,820,827,829,833,834,835,840,844,845,847,848,850,851,852,853,855,857,858,859,860,861,862,863,864,865,866,867,868,871,872,873,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,892,893,894,895,896,898,899,900,902,903,905,906,907,913,916,922,923,928,929,930,931,932,933,934,935,936,938,943,944,945,946,947,949,950,952,956,957,958,959,961,962,963,966,971,975,977,978,980,981,982,984,985,986,988,990,991,992,994,997,998,1000,1001,1003,1004,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1033,1034,1036,1041,1078,1114,1128,1129,1130,1131,1133,1134,1136,1137,1140,1141,1142,1143,1145,1147,1148,1149,1150,1152,1154,1157,1158,1159,1162,1163,1164,1165,1166,1169,1170,1171,1172,1194,1200,1202,1210,1211,1212,1213,1214,1219,1305,1306,1307,1308,1309,1350
c/c++4732,4,5,16,17,18,19,20,21,22,23,36,74,77,78,88,89,91,93,94,99,113,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,133,134,135,136,137,138,140,141,142,143,146,149,150,157,169,170,171,188,189,190,194,195,197,199,200,201,209,210,211,226,227,228,237,240,243,247,248,249,252,253,254,255,256,257,259,264,265,284,285,287,290,291,293,300,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,344,350,355,359,361,362,366,367,369,376,377,388,389,394,398,399,400,401,404,411,415,416,435,438,441,442,452,456,457,459,465,467,471,475,476,480,481,482,483,484,485,497,505,522,523,532,535,536,538,539,550,552,557,559,561,562,563,566,567,569,570,573,590,592,595,597,606,610,617,628,629,632,633,634,635,639,643,657,662,664,665,666,667,668,669,670,671,672,675,676,681,682,683,685,686,687,691,693,697,699,700,703,704,705,706,707,710,711,713,714,715,717,718,719,720,721,722,723,724,726,727,728,729,730,731,734,736,737,738,739,740,741,742,743,744,745,746,747,748,750,751,752,753,754,755,758,759,760,762,763,764,769,770,772,775,783,786,787,788,798,800,801,802,803,807,808,809,810,812,813,815,816,817,818,820,825,833,834,835,840,844,845,846,847,848,850,851,852,853,854,857,858,859,861,862,864,865,866,867,868,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,898,899,900,902,903,905,907,909,913,916,918,922,923,928,929,930,932,933,934,935,943,944,945,947,949,950,956,957,958,959,961,962,963,964,966,969,970,971,973,974,975,977,978,979,980,981,982,983,984,985,986,987,988,990,991,992,993,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1031,1032,1041,1045,1077,1078,1079,1114,1126,1128,1129,1130,1131,1133,1134,1135,1136,1137,1140,1141,1142,1143,1147,1148,1152,1154,1156,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1169,1170,1171,1172,1194,1198,1200,1202,1210,1211,1212,1215,1218,1219,1228,1237,1238,1305,1306,1307,1308,1309,1350
cuda4712,4,5,16,17,18,19,20,21,22,23,36,74,77,78,88,89,91,93,94,99,113,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,133,134,136,137,138,140,141,142,143,146,149,150,157,169,170,171,188,189,190,194,195,197,199,200,201,209,210,211,226,227,228,237,240,243,247,248,249,252,253,254,255,256,257,259,264,265,284,285,287,290,291,293,300,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,344,350,355,359,361,362,366,367,369,376,377,388,389,394,398,399,400,401,404,411,415,416,435,438,441,442,452,456,457,459,465,467,471,475,476,480,481,482,483,484,485,497,505,522,523,532,535,536,538,539,550,552,557,559,561,562,563,566,567,569,570,573,590,592,595,597,606,610,617,628,629,632,633,634,635,639,643,657,662,664,665,666,667,668,669,670,671,672,675,676,681,682,683,685,686,687,691,693,697,699,700,703,704,705,706,707,710,711,713,714,715,717,718,719,720,721,722,723,724,726,727,728,729,730,731,734,736,737,738,739,740,741,742,743,744,745,746,747,748,750,751,752,753,754,755,758,759,760,762,763,764,769,770,772,775,783,786,787,788,798,800,801,802,803,807,808,809,810,812,813,815,816,817,818,820,825,833,834,835,840,844,845,846,847,848,850,851,852,853,854,857,858,859,861,862,864,865,866,867,868,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,898,899,900,902,903,905,907,909,913,916,918,922,923,928,929,930,932,933,934,935,943,944,945,947,949,950,956,957,958,959,961,962,963,964,966,969,970,971,973,974,975,977,978,979,980,981,982,983,984,985,986,987,988,990,991,992,993,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1031,1032,1041,1045,1078,1079,1114,1126,1128,1129,1130,1131,1133,1134,1135,1136,1137,1140,1141,1142,1143,1147,1148,1152,1154,1156,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1169,1170,1171,1172,1194,1198,1200,1202,1210,1211,1212,1215,1218,1219,1228,1237,1238,1305,1306,1307,1308,1309,1350
go3812,4,5,16,17,18,19,20,21,22,23,36,74,77,78,79,80,82,83,85,86,87,88,89,93,94,99,113,116,117,137,138,140,141,142,143,146,149,150,157,171,189,199,200,201,209,210,211,221,223,226,227,249,252,253,254,255,256,257,259,264,265,284,285,287,300,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,344,355,359,361,362,366,369,388,389,398,399,404,405,409,411,435,436,438,441,442,452,459,465,476,480,485,497,502,505,522,523,532,536,538,539,550,552,557,561,563,566,567,569,573,601,610,611,617,629,632,633,634,635,639,657,662,664,667,668,670,671,674,675,682,691,692,693,699,700,703,706,707,710,711,712,713,714,715,717,718,719,720,721,722,723,724,725,727,728,729,730,731,734,737,738,739,741,742,743,744,745,746,747,748,750,751,752,753,754,755,764,776,778,783,798,800,801,802,803,808,809,810,811,812,813,815,816,817,818,819,820,833,834,835,840,844,845,847,848,850,851,852,853,855,857,858,859,861,862,864,865,866,867,868,871,872,873,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,892,893,894,895,896,898,899,900,902,903,905,906,907,913,918,922,923,928,929,930,931,932,933,934,935,938,943,944,945,947,950,956,957,958,959,961,962,963,966,971,975,977,978,980,981,982,984,985,986,987,988,990,991,992,994,997,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1033,1034,1036,1041,1128,1129,1130,1131,1133,1134,1136,1137,1140,1141,1142,1143,1145,1147,1148,1152,1154,1157,1158,1159,1162,1163,1164,1165,1166,1167,1169,1170,1171,1172,1194,1198,1200,1202,1210,1212,1219,1305,1306,1307,1308,1309,1350
java5382,4,5,7,16,17,18,19,20,21,22,23,36,73,74,77,78,79,80,81,82,83,85,86,87,88,89,90,91,93,94,95,96,97,99,100,101,113,116,117,118,119,133,136,137,138,140,141,142,143,146,149,150,157,171,183,185,189,190,192,199,200,201,209,210,211,213,215,216,218,221,223,226,227,242,247,249,252,253,254,255,256,257,259,260,261,264,265,284,285,287,288,290,291,293,295,296,297,299,300,306,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,335,336,337,338,344,345,346,350,352,355,359,361,362,366,369,371,374,380,381,382,384,388,389,390,391,396,398,399,400,402,403,404,405,409,411,417,424,425,427,435,436,438,440,441,442,452,459,465,470,471,476,480,481,483,484,485,489,490,493,495,497,500,501,502,505,522,523,530,532,536,537,538,539,540,543,550,552,557,559,561,563,564,566,567,568,569,570,571,572,573,579,580,583,585,586,592,595,596,597,598,601,609,610,611,613,614,615,628,629,632,633,634,635,638,639,642,643,650,657,662,664,666,667,668,669,670,671,672,674,676,681,682,683,684,691,692,693,697,699,700,703,704,705,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,750,751,752,753,754,755,756,759,760,776,778,783,798,800,801,802,803,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,827,829,833,834,835,840,844,845,847,848,849,850,851,852,853,854,855,857,858,859,861,862,863,864,865,866,867,868,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,892,893,894,895,896,897,898,899,900,902,903,905,906,907,913,916,917,918,921,922,923,926,927,928,929,930,931,932,933,934,935,936,938,942,943,944,945,947,948,949,950,951,952,953,956,957,958,959,960,961,962,963,966,970,971,975,977,978,980,981,982,983,984,985,986,987,988,990,991,992,994,997,998,1000,1001,1002,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1018,1019,1020,1023,1026,1027,1028,1029,1030,1031,1032,1033,1034,1035,1036,1041,1078,1114,1128,1129,1130,1131,1133,1134,1136,1137,1139,1140,1141,1142,114
3,1144,1145,1147,1148,1152,1154,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1169,1170,1171,1172,1194,1198,1200,1202,1208,1210,1211,1212,1213,1214,1215,1217,1219,1228,1305,1306,1307,1308,1309,1350
javascript4152,4,5,7,16,17,18,19,20,21,22,23,36,73,74,77,78,79,80,82,83,85,86,87,88,89,93,94,95,99,113,116,117,137,138,140,141,142,143,146,149,150,157,171,183,185,199,200,201,209,210,211,213,215,216,219,221,223,226,227,249,254,255,256,257,260,264,265,275,284,285,287,288,289,290,295,300,306,310,311,312,313,314,315,317,319,326,327,328,330,338,344,345,346,352,355,359,361,371,388,389,398,399,400,404,405,409,417,435,436,438,441,442,452,459,465,476,480,483,484,485,489,497,502,505,522,523,532,536,538,539,550,552,559,561,565,566,569,573,592,601,602,610,611,613,614,625,628,629,632,633,634,635,639,642,646,657,664,665,666,668,669,670,671,672,674,688,691,692,693,697,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,732,734,736,737,738,740,741,742,743,744,746,747,750,751,752,753,755,756,760,770,776,778,779,783,798,800,801,802,803,807,808,809,810,811,812,813,814,815,816,817,818,819,829,834,840,844,845,846,850,851,855,857,858,859,860,861,862,864,865,866,867,868,871,872,874,875,876,877,878,880,881,882,883,884,885,886,887,888,889,890,892,893,895,896,897,898,899,900,902,903,905,906,907,913,916,918,922,923,928,929,930,931,932,933,934,935,936,938,942,943,944,945,946,947,949,951,952,956,957,958,959,961,962,963,966,971,975,977,978,980,981,982,983,984,985,990,991,992,994,997,998,1000,1001,1002,1003,1004,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1018,1019,1020,1022,1026,1027,1028,1029,1030,1031,1032,1033,1034,1036,1041,1078,1114,1128,1129,1130,1131,1133,1134,1135,1136,1140,1141,1145,1147,1148,1149,1150,1152,1154,1157,1162,1163,1164,1165,1169,1170,1172,1187,1194,1198,1200,1202,1210,1211,1212,1213,1214,1215,1217,1219,1305,1306,1307,1308,1309,1350
kotlin3152,4,5,16,17,18,19,20,21,22,23,36,74,77,78,88,89,99,116,117,137,138,140,141,142,143,146,149,150,157,171,199,200,201,209,210,211,215,226,227,249,254,255,256,257,259,264,265,284,285,287,295,296,297,299,300,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,335,336,337,338,344,355,359,361,388,389,398,399,404,405,409,438,441,442,452,459,485,497,502,505,522,523,530,532,536,538,539,550,552,566,573,610,611,629,632,633,634,635,639,657,664,668,669,671,674,691,693,699,700,703,706,707,710,711,713,714,715,717,718,719,720,721,722,723,724,727,728,729,730,731,734,738,741,742,743,744,746,747,750,751,752,753,755,759,760,776,798,800,801,802,803,808,809,810,812,813,815,816,817,818,827,829,834,840,844,845,850,851,855,857,858,859,861,862,864,865,866,867,868,872,875,876,877,878,880,881,882,883,884,887,888,889,892,893,895,896,898,899,900,902,903,905,907,913,916,918,921,922,923,926,927,928,929,930,932,933,934,935,943,944,945,947,948,950,956,958,959,961,962,963,966,975,977,978,980,981,982,984,985,990,992,994,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1034,1035,1128,1129,1131,1133,1134,1140,1141,1145,1147,1148,1152,1154,1162,1163,1165,1169,1170,1172,1194,1198,1200,1202,1210,1211,1212,1213,1214,1219,1305,1306,1308,1309,1350
objective-c4652,4,5,16,17,18,19,20,21,22,23,36,74,77,78,88,89,91,93,94,99,113,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,133,134,136,137,138,140,141,142,143,146,149,150,157,169,170,171,188,189,190,194,195,197,199,200,201,209,210,211,226,227,228,237,240,243,247,248,249,252,253,254,255,256,257,259,264,265,284,285,287,290,291,293,300,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,344,350,355,359,361,362,366,367,369,388,389,394,398,399,400,401,404,411,415,416,435,438,441,442,452,456,457,459,465,467,471,475,476,480,482,483,484,485,497,505,522,523,532,536,538,539,550,552,557,559,561,562,563,566,567,569,570,573,590,592,595,597,606,610,617,628,629,632,633,634,635,639,643,657,662,664,665,666,667,668,669,670,671,672,675,676,681,682,683,685,686,687,691,693,697,699,700,703,704,705,706,707,710,711,713,714,715,717,718,719,720,721,722,723,724,726,727,728,729,730,731,734,736,737,738,739,740,741,742,743,744,745,746,747,748,750,751,752,753,754,755,758,759,760,762,763,764,769,770,772,775,783,786,787,788,798,800,801,802,803,807,808,809,810,812,813,815,816,817,818,820,825,833,834,835,840,844,845,846,847,848,850,851,852,853,854,857,858,859,861,862,864,865,866,867,868,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,898,899,900,902,903,905,907,909,913,916,918,922,923,928,929,930,932,933,934,935,943,944,945,947,949,950,956,957,958,959,961,962,963,966,969,970,971,973,974,975,977,978,979,980,981,982,983,984,985,986,987,988,990,991,992,993,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1031,1032,1041,1045,1078,1079,1114,1128,1129,1130,1131,1133,1134,1135,1136,1137,1140,1141,1142,1143,1147,1148,1152,1154,1156,1157,1158,1159,1160,1161,1162,1163,1164,1165,1166,1167,1169,1170,1171,1172,1194,1198,1200,1202,1210,1211,1212,1215,1218,1219,1228,1237,1238,1305,1306,1307,1308,1309,1350
php3292,4,5,16,17,18,19,20,21,22,23,36,74,77,78,79,80,82,83,85,86,87,88,89,94,95,116,117,137,138,140,141,142,143,146,149,150,157,171,199,200,201,209,210,211,226,227,249,254,255,256,257,264,265,284,285,287,306,310,311,312,313,314,315,317,319,330,344,345,352,355,359,361,388,389,398,399,404,435,436,438,442,452,459,465,470,476,480,483,484,485,497,502,505,522,523,532,536,538,539,550,552,559,561,566,569,573,601,610,611,628,629,632,633,634,635,639,657,664,665,668,670,671,688,691,692,693,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,734,736,737,738,740,741,742,743,744,746,747,750,751,752,753,755,783,798,800,801,802,803,808,809,810,811,812,813,814,815,816,817,818,819,840,844,845,846,850,851,857,858,859,861,862,864,865,866,867,868,871,872,874,875,876,877,878,880,881,882,883,884,885,886,887,888,889,890,892,893,895,896,898,899,900,902,905,907,913,922,928,929,930,931,932,933,934,935,936,938,943,944,945,947,949,952,957,961,962,963,966,971,975,977,978,980,981,982,984,990,991,992,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1033,1034,1041,1078,1114,1128,1130,1131,1133,1134,1135,1136,1140,1141,1147,1148,1152,1154,1157,1162,1163,1164,1165,1169,1170,1172,1194,1200,1202,1210,1211,1212,1219,1305,1306,1307,1308,1309,1350
python3192,4,5,16,17,18,19,20,21,22,23,36,74,77,78,79,80,82,83,85,86,87,88,89,94,95,116,117,137,138,140,141,142,143,146,149,150,157,171,199,200,201,209,210,211,226,227,249,254,255,256,257,264,265,284,285,287,306,310,311,312,313,314,315,317,319,330,344,345,352,355,359,361,388,389,398,399,404,435,436,438,442,452,459,465,476,480,485,497,502,505,522,523,532,536,538,539,550,552,559,561,566,569,573,601,610,611,628,629,632,633,634,635,639,657,664,668,670,671,688,691,692,693,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,734,736,737,738,741,742,743,744,746,747,750,751,752,753,755,783,798,800,801,802,803,808,809,810,811,812,813,814,815,816,817,818,819,840,844,845,850,851,857,858,859,861,862,864,865,866,867,868,871,872,875,876,877,878,880,881,882,883,884,885,886,887,888,889,890,892,893,895,896,898,899,900,902,905,907,913,922,928,929,930,931,932,933,934,935,936,938,943,944,945,947,949,952,957,961,962,963,966,971,975,977,978,980,981,982,984,990,991,992,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1033,1034,1041,1128,1130,1131,1133,1134,1136,1140,1141,1147,1148,1152,1154,1157,1162,1163,1164,1165,1169,1170,1172,1194,1200,1202,1210,1211,1212,1219,1305,1306,1307,1308,1309,1350
ruby3532,17,18,19,20,21,22,23,36,73,74,77,78,79,80,82,83,85,86,87,88,89,93,94,95,113,116,136,137,138,140,141,142,146,149,150,157,171,183,184,185,189,199,200,209,212,215,227,249,254,255,259,263,264,265,275,284,285,287,289,295,300,307,310,311,312,318,319,320,321,327,330,344,345,352,359,361,369,371,388,389,398,399,400,404,435,436,438,442,452,465,470,476,480,502,505,521,522,523,559,561,569,573,592,599,601,610,614,625,628,629,632,634,635,639,642,657,661,664,665,668,669,670,671,682,688,691,692,693,697,699,700,703,704,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,732,734,736,737,738,739,740,741,742,743,744,746,747,750,751,752,753,755,777,783,798,799,800,801,802,803,808,809,810,811,812,813,814,815,816,817,818,819,840,844,845,846,848,850,851,857,858,859,860,861,862,864,865,866,867,868,871,872,873,874,875,876,877,878,880,882,883,884,885,886,887,888,889,890,892,893,895,896,898,899,900,902,903,905,907,913,915,916,922,923,928,929,930,931,932,933,934,935,936,937,938,943,944,945,946,947,948,949,950,951,955,956,957,958,961,962,963,966,971,975,977,978,980,981,982,984,985,990,991,992,994,998,1000,1001,1003,1004,1005,1006,1008,1010,1011,1012,1013,1014,1015,1019,1020,1026,1027,1028,1029,1031,1032,1033,1034,1035,1041,1128,1129,1130,1131,1133,1134,1135,1136,1137,1140,1141,1147,1148,1149,1150,1152,1154,1157,1158,1159,1161,1162,1163,1164,1165,1169,1170,1172,1200,1211,1212,1215,1219,1305,1306,1307,1308,1309,1350
scala10217,18,19,20,189,190,254,361,398,438,452,465,476,480,483,561,569,635,664,665,670,682,691,693,699,700,710,711,722,730,734,737,738,739,740,742,746,747,750,751,752,783,800,802,808,844,846,865,867,868,871,872,873,874,876,883,884,885,886,888,889,890,892,896,900,907,962,971,975,977,978,984,994,998,1000,1003,1005,1006,1008,1019,1041,1078,1114,1128,1130,1133,1135,1136,1137,1154,1157,1158,1159,1162,1163,1164,1200,1305,1306,1307,1308,1350
swift2972,4,5,16,17,18,19,20,21,22,23,36,74,89,91,94,95,116,117,137,138,140,141,142,143,146,149,150,157,171,199,200,201,209,210,211,226,227,249,254,255,256,257,264,265,284,285,287,295,296,300,310,311,312,313,314,315,317,319,326,327,328,330,344,355,359,361,388,389,391,398,399,404,438,442,452,459,465,476,480,485,497,505,522,523,532,536,538,539,550,552,561,566,569,573,610,611,629,632,633,635,639,643,657,664,668,669,670,671,691,693,699,700,703,706,707,710,711,713,714,715,717,718,719,720,721,722,723,724,727,728,729,730,731,734,737,738,742,743,746,747,750,751,752,753,755,798,800,801,802,803,808,809,810,812,813,815,816,817,818,829,840,844,845,850,851,857,858,859,861,862,864,865,866,867,868,871,872,876,877,880,881,882,883,884,885,886,887,888,889,890,892,893,895,896,898,899,900,902,903,905,907,913,922,923,928,929,930,932,933,934,935,943,944,945,947,948,956,958,959,961,962,963,966,971,975,977,978,980,981,982,984,990,991,992,994,998,1000,1001,1003,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1019,1020,1026,1027,1028,1029,1030,1031,1032,1041,1128,1130,1131,1133,1134,1136,1140,1141,1147,1148,1152,1154,1157,1159,1162,1163,1164,1167,1169,1170,1171,1172,1194,1200,1202,1210,1211,1212,1214,1219,1305,1306,1307,1308,1309,1350
typescript4152,4,5,7,16,17,18,19,20,21,22,23,36,73,74,77,78,79,80,82,83,85,86,87,88,89,93,94,95,99,113,116,117,137,138,140,141,142,143,146,149,150,157,171,183,185,199,200,201,209,210,211,213,215,216,219,221,223,226,227,249,254,255,256,257,260,264,265,275,284,285,287,288,289,290,295,300,306,310,311,312,313,314,315,317,319,326,327,328,330,338,344,345,346,352,355,359,361,371,388,389,398,399,400,404,405,409,417,435,436,438,441,442,452,459,465,476,480,483,484,485,489,497,502,505,522,523,532,536,538,539,550,552,559,561,565,566,569,573,592,601,602,610,611,613,614,625,628,629,632,633,634,635,639,642,646,657,664,665,666,668,669,670,671,672,674,688,691,692,693,697,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,732,734,736,737,738,740,741,742,743,744,746,747,750,751,752,753,755,756,760,770,776,778,779,783,798,800,801,802,803,807,808,809,810,811,812,813,814,815,816,817,818,819,829,834,840,844,845,846,850,851,855,857,858,859,860,861,862,864,865,866,867,868,871,872,874,875,876,877,878,880,881,882,883,884,885,886,887,888,889,890,892,893,895,896,897,898,899,900,902,903,905,906,907,913,916,918,922,923,928,929,930,931,932,933,934,935,936,938,942,943,944,945,946,947,949,951,952,956,957,958,959,961,962,963,966,971,975,977,978,980,981,982,983,984,985,990,991,992,994,997,998,1000,1001,1002,1003,1004,1005,1006,1008,1009,1010,1011,1012,1013,1014,1015,1016,1018,1019,1020,1022,1026,1027,1028,1029,1030,1031,1032,1033,1034,1036,1041,1078,1114,1128,1129,1130,1131,1133,1134,1135,1136,1140,1141,1145,1147,1148,1149,1150,1152,1154,1157,1162,1163,1164,1165,1169,1170,1172,1187,1194,1198,1200,1202,1210,1211,1212,1213,1214,1215,1217,1219,1305,1306,1307,1308,1309,1350
vb.net3932,4,5,10,12,16,17,18,19,20,21,22,23,36,73,74,77,78,79,80,82,83,85,86,87,88,89,90,91,94,95,116,117,137,138,140,141,142,143,146,149,150,157,171,189,199,200,201,209,210,211,221,223,226,227,249,254,255,256,257,259,264,265,284,285,287,300,306,310,311,312,313,314,315,317,318,319,320,321,326,327,328,330,338,344,345,352,355,359,361,369,371,380,381,388,389,398,399,402,403,404,405,409,435,436,438,442,452,459,465,470,476,485,497,502,505,519,522,523,532,536,538,539,540,543,550,552,557,559,561,566,573,601,610,611,615,628,629,632,633,634,635,639,642,643,657,662,664,668,669,671,674,682,683,691,692,693,699,700,703,706,707,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,727,728,729,730,731,734,736,737,738,739,741,742,743,744,745,746,747,750,751,752,75